{"url":"http://public2.vulnerablecode.io/api/packages/85035?format=json","purl":"pkg:pypi/mindsdb@24.6.4.1","type":"pypi","namespace":"","name":"mindsdb","version":"24.6.4.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.0.0rc1","latest_non_vulnerable_version":"26.0.0rc1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40711?format=json","vulnerability_id":"VCID-1b1n-66bj-v3dz","summary":"Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45852","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48133","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45852"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/proc_wrapper.py#L54-L55","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/proc_wrapper.py#L54-L55"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-82.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-82.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:14:17Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45852","reference_id":"CVE-2024-45852","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45852"},{"reference_url":"https://github.com/advisories/GHSA-7vhj-pfwv-hx3w","reference_id":"GHSA-7vhj-pfwv-hx3w","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vhj-pfwv-hx3w"}],"fixed_packages":[],"aliases":["CVE-2024-45852","GHSA-7vhj-pfwv-hx3w","PYSEC-2024-82"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b1n-66bj-v3dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84986?format=json","vulnerability_id":"VCID-453x-w26r-kkgk","summary":"A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2531","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23304","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2531"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-91.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-91.yaml"},{"reference_url":"https://github.com/mindsdb/mindsdb/issues/12163","reference_id":"12163","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/mindsdb/mindsdb/issues/12163"},{"reference_url":"https://github.com/mindsdb/mindsdb/pull/12213","reference_id":"12213","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/mindsdb/mindsdb/pull/12213"},{"reference_url":"https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed","reference_id":"74d6f0fd4b630218519a700fbee1c05c7fd4b1ed","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/?ctiid.346119","reference_id":"?ctiid.346119","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://vuldb.com/?ctiid.346119"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2531","reference_id":"CVE-2026-2531","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2531"},{"reference_url":"https://github.com/advisories/GHSA-6xw9-2p64-7622","reference_id":"GHSA-6xw9-2p64-7622","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xw9-2p64-7622"},{"reference_url":"https://vuldb.com/?id.346119","reference_id":"?id.346119","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://vuldb.com/?id.346119"},{"reference_url":"https://github.com/mindsdb/mindsdb/","reference_id":"mindsdb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/mindsdb/mindsdb/"},{"reference_url":"https://vuldb.com/?submit.748219","reference_id":"?submit.748219","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://vuldb.com/?submit.748219"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/90255?format=json","purl":"pkg:pypi/mindsdb@26.0.0rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@26.0.0rc1"}],"aliases":["CVE-2026-2531","GHSA-6xw9-2p64-7622","PYSEC-2026-91"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-453x-w26r-kkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40769?format=json","vulnerability_id":"VCID-4u93-1dq3-y3b3","summary":"Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45853","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.53001","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45853"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L424-L431","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L424-L431"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-83.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:12:46Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45853","reference_id":"CVE-2024-45853","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45853"},{"reference_url":"https://github.com/advisories/GHSA-q9r8-89xr-4xv4","reference_id":"GHSA-q9r8-89xr-4xv4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q9r8-89xr-4xv4"}],"fixed_packages":[],"aliases":["CVE-2024-45853","GHSA-q9r8-89xr-4xv4","PYSEC-2024-83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4u93-1dq3-y3b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79751?format=json","vulnerability_id":"VCID-6d5g-g2tf-6yck","summary":"MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the \"Upload File\" module, which corresponds to the API endpoint /api/files. Since the multipart file upload does not perform security checks on the uploaded file path, an attacker can perform path traversal by using `../` sequences in the filename field. The file write operation occurs before calling clear_filename and save_file, meaning there is no filtering of filenames or file types, allowing arbitrary content to be written to any path on the server. Version 25.9.1.1 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27483","reference_id":"","reference_type":"","scores":[{"value":"0.23286","scoring_system":"epss","scoring_elements":"0.96072","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27483"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/87a44bdb2b97f963e18f10a068e1a1e2690505ef","reference_id":"87a44bdb2b97f963e18f10a068e1a1e2690505ef","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/commit/87a44bdb2b97f963e18f10a068e1a1e2690505ef"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52547.py","reference_id":"CVE-2026-27483","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52547.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27483","reference_id":"CVE-2026-27483","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27483"},{"reference_url":"https://github.com/advisories/GHSA-4894-xqv6-vrfq","reference_id":"GHSA-4894-xqv6-vrfq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4894-xqv6-vrfq"},{"reference_url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq","reference_id":"GHSA-4894-xqv6-vrfq","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq"},{"reference_url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.9.1.1","reference_id":"v25.9.1.1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.9.1.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39774?format=json","purl":"pkg:pypi/mindsdb@25.9.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-453x-w26r-kkgk"},{"vulnerability":"VCID-msja-d93b-ckes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@25.9.1.1"}],"aliases":["CVE-2026-27483","GHSA-4894-xqv6-vrfq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d5g-g2tf-6yck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40549?format=json","vulnerability_id":"VCID-8g4t-89pm-cfan","summary":"A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45856","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36442","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45856"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T16:55:06Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45856","reference_id":"CVE-2024-45856","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45856"},{"reference_url":"https://github.com/advisories/GHSA-32fj-r8qw-r8w8","reference_id":"GHSA-32fj-r8qw-r8w8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32fj-r8qw-r8w8"}],"fixed_packages":[],"aliases":["CVE-2024-45856","GHSA-32fj-r8qw-r8w8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g4t-89pm-cfan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40324?format=json","vulnerability_id":"VCID-8yk3-stqs-h7c2","summary":"An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45850","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45850"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-80.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-80.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:16:12Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45850","reference_id":"CVE-2024-45850","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45850"},{"reference_url":"https://github.com/advisories/GHSA-v6g6-3cm3-vf6c","reference_id":"GHSA-v6g6-3cm3-vf6c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6g6-3cm3-vf6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33349?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b1n-66bj-v3dz"},{"vulnerability":"VCID-453x-w26r-kkgk"},{"vulnerability":"VCID-4u93-1dq3-y3b3"},{"vulnerability":"VCID-6d5g-g2tf-6yck"},{"vulnerability":"VCID-8g4t-89pm-cfan"},{"vulnerability":"VCID-msja-d93b-ckes"},{"vulnerability":"VCID-pncv-133f-p3hr"},{"vulnerability":"VCID-vdbp-38by-5qa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45850","GHSA-v6g6-3cm3-vf6c","PYSEC-2024-80"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yk3-stqs-h7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40801?format=json","vulnerability_id":"VCID-dfcw-zje8-m7h5","summary":"An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45847","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63555","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45847"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:36:33Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45847","reference_id":"CVE-2024-45847","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45847"},{"reference_url":"https://github.com/advisories/GHSA-crmg-rp64-5cm3","reference_id":"GHSA-crmg-rp64-5cm3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crmg-rp64-5cm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33349?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b1n-66bj-v3dz"},{"vulnerability":"VCID-453x-w26r-kkgk"},{"vulnerability":"VCID-4u93-1dq3-y3b3"},{"vulnerability":"VCID-6d5g-g2tf-6yck"},{"vulnerability":"VCID-8g4t-89pm-cfan"},{"vulnerability":"VCID-msja-d93b-ckes"},{"vulnerability":"VCID-pncv-133f-p3hr"},{"vulnerability":"VCID-vdbp-38by-5qa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45847","GHSA-crmg-rp64-5cm3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfcw-zje8-m7h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40592?format=json","vulnerability_id":"VCID-kt19-81vm-9qes","summary":"An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45849","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45849"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-79.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-79.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:01:54Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45849","reference_id":"CVE-2024-45849","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45849"},{"reference_url":"https://github.com/advisories/GHSA-c85f-pcx6-2ghm","reference_id":"GHSA-c85f-pcx6-2ghm","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c85f-pcx6-2ghm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33349?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b1n-66bj-v3dz"},{"vulnerability":"VCID-453x-w26r-kkgk"},{"vulnerability":"VCID-4u93-1dq3-y3b3"},{"vulnerability":"VCID-6d5g-g2tf-6yck"},{"vulnerability":"VCID-8g4t-89pm-cfan"},{"vulnerability":"VCID-msja-d93b-ckes"},{"vulnerability":"VCID-pncv-133f-p3hr"},{"vulnerability":"VCID-vdbp-38by-5qa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45849","GHSA-c85f-pcx6-2ghm","PYSEC-2024-79"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt19-81vm-9qes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93491?format=json","vulnerability_id":"VCID-msja-d93b-ckes","summary":"MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not \"url\". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68472","reference_id":"","reference_type":"","scores":[{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70942","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68472"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-90.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-90.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68472","reference_id":"CVE-2025-68472","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68472"},{"reference_url":"https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal","reference_id":"CVE-2025-68472-MINDSDB-FILE-UPLOAD-PATH-TRAVERSAL","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal"},{"reference_url":"https://github.com/advisories/GHSA-qqhf-pm3j-96g7","reference_id":"GHSA-qqhf-pm3j-96g7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqhf-pm3j-96g7"},{"reference_url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7","reference_id":"GHSA-qqhf-pm3j-96g7","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:36:34Z/"}],"url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37594?format=json","purl":"pkg:pypi/mindsdb@25.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-453x-w26r-kkgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@25.11.1"}],"aliases":["CVE-2025-68472","GHSA-qqhf-pm3j-96g7","PYSEC-2026-90"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msja-d93b-ckes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40362?format=json","vulnerability_id":"VCID-pncv-133f-p3hr","summary":"Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45855","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45855"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L433-L442","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L433-L442"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-85.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T16:59:31Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45855","reference_id":"CVE-2024-45855","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45855"},{"reference_url":"https://github.com/advisories/GHSA-fr9q-rgwq-g5r5","reference_id":"GHSA-fr9q-rgwq-g5r5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fr9q-rgwq-g5r5"}],"fixed_packages":[],"aliases":["CVE-2024-45855","GHSA-fr9q-rgwq-g5r5","PYSEC-2024-85"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pncv-133f-p3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40666?format=json","vulnerability_id":"VCID-r1a3-by3u-y7dy","summary":"An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45851","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45851"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-81.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-81.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:15:20Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45851","reference_id":"CVE-2024-45851","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45851"},{"reference_url":"https://github.com/advisories/GHSA-wf9g-c67g-h4ch","reference_id":"GHSA-wf9g-c67g-h4ch","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf9g-c67g-h4ch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33349?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b1n-66bj-v3dz"},{"vulnerability":"VCID-453x-w26r-kkgk"},{"vulnerability":"VCID-4u93-1dq3-y3b3"},{"vulnerability":"VCID-6d5g-g2tf-6yck"},{"vulnerability":"VCID-8g4t-89pm-cfan"},{"vulnerability":"VCID-msja-d93b-ckes"},{"vulnerability":"VCID-pncv-133f-p3hr"},{"vulnerability":"VCID-vdbp-38by-5qa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45851","GHSA-wf9g-c67g-h4ch","PYSEC-2024-81"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1a3-by3u-y7dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40231?format=json","vulnerability_id":"VCID-tt6q-rpjv-e3bz","summary":"An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45848","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63555","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45848"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-78.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-78.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:34:37Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45848","reference_id":"CVE-2024-45848","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45848"},{"reference_url":"https://github.com/advisories/GHSA-9gq6-6936-885w","reference_id":"GHSA-9gq6-6936-885w","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gq6-6936-885w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33349?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b1n-66bj-v3dz"},{"vulnerability":"VCID-453x-w26r-kkgk"},{"vulnerability":"VCID-4u93-1dq3-y3b3"},{"vulnerability":"VCID-6d5g-g2tf-6yck"},{"vulnerability":"VCID-8g4t-89pm-cfan"},{"vulnerability":"VCID-msja-d93b-ckes"},{"vulnerability":"VCID-pncv-133f-p3hr"},{"vulnerability":"VCID-vdbp-38by-5qa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45848","GHSA-9gq6-6936-885w","PYSEC-2024-78"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt6q-rpjv-e3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40487?format=json","vulnerability_id":"VCID-un9x-jxca-c7bq","summary":"An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45846","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63555","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45846"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-77.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-77.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:38:31Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45846","reference_id":"CVE-2024-45846","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45846"},{"reference_url":"https://github.com/advisories/GHSA-wcjw-3v6p-4v3r","reference_id":"GHSA-wcjw-3v6p-4v3r","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcjw-3v6p-4v3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33349?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b1n-66bj-v3dz"},{"vulnerability":"VCID-453x-w26r-kkgk"},{"vulnerability":"VCID-4u93-1dq3-y3b3"},{"vulnerability":"VCID-6d5g-g2tf-6yck"},{"vulnerability":"VCID-8g4t-89pm-cfan"},{"vulnerability":"VCID-msja-d93b-ckes"},{"vulnerability":"VCID-pncv-133f-p3hr"},{"vulnerability":"VCID-vdbp-38by-5qa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45846","GHSA-wcjw-3v6p-4v3r","PYSEC-2024-77"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-un9x-jxca-c7bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40492?format=json","vulnerability_id":"VCID-vdbp-38by-5qa8","summary":"Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45854","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45854"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L444-L449","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L444-L449"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-84.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-84.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"2024-09-mindsdb","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:05:13Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45854","reference_id":"CVE-2024-45854","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45854"},{"reference_url":"https://github.com/advisories/GHSA-7vhh-gfjc-x8rm","reference_id":"GHSA-7vhh-gfjc-x8rm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vhh-gfjc-x8rm"}],"fixed_packages":[],"aliases":["CVE-2024-45854","GHSA-7vhh-gfjc-x8rm","PYSEC-2024-84"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdbp-38by-5qa8"}],"fixing_vulnerabilities":[],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.4.1"}