Vulnerabilities > Mindsdb

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-45856 Cross-site Scripting vulnerability in Mindsdb
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.
network
low complexity
mindsdb CWE-79
5.4
2024-09-05 CVE-2024-24759 Server-Side Request Forgery (SSRF) vulnerability in Mindsdb
MindsDB is a platform for building artificial intelligence from enterprise data.
network
low complexity
mindsdb CWE-918
critical
9.1
2023-12-22 CVE-2023-50731 Path Traversal vulnerability in Mindsdb
MindsDB is a SQL Server for artificial intelligence.
network
low complexity
mindsdb CWE-22
critical
9.1
2023-12-11 CVE-2023-49796 Unspecified vulnerability in Mindsdb 23.7.4.1
MindsDB connects artificial intelligence models to real time data.
network
low complexity
mindsdb
5.3
2023-12-11 CVE-2023-49795 Server-Side Request Forgery (SSRF) vulnerability in Mindsdb
MindsDB connects artificial intelligence models to real time data.
network
low complexity
mindsdb CWE-918
5.3
2023-08-04 CVE-2023-38699 Missing Encryption of Sensitive Data vulnerability in Mindsdb
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource.
network
low complexity
mindsdb CWE-311
6.5