mindsdb logo

mindsdb

#5734 · by mindsdb
agenttool-usemulti-step
0.99/ 5.00
blockedBeta
Score capped to 0.99 (raw score: 2.98) — critical/high CVE detected with no known fix. Status blocked until the vulnerability is patched.
Mar 4, 2026 at 4:53 AM6 signals analysedNo manual reviews · fully automated
Trust Signal Breakdown
high23 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

2 of 3 sub-signals with data

Known CVEs57%0.0

22 CVE(s) found — 4 unpatched

via OSV.dev

Dependency Healthno data

Weight redistributed to sub-signals with data

Supply Chain43%4.8

583 transitive CVEs found (penalty: -0.25)

via npm provenance

Uptime, latency, error rates, and incident history

4 of 4 sub-signals with data

Uptime35%5.0

100.00% over 2 checks

via Health checks

Response Latency25%5.0

p99: 23ms, p50: 23ms

via Health checks

Error Rate20%1.0

50.00% error rate (1/2)

via Health checks

Incident History20%4.0

1 incidents in last 90 days

via Incidents table

Commit recency, release cadence, issue response, CI/CD

4 of 4 sub-signals with data

Commit Recency30%5.0

via GitHub

Release Cadence25%5.0

via GitHub

Issue Response20%1.0

via GitHub

CI/CD Presence25%5.0

via GitHub Actions

Downloads, stars, dependents, and growth trajectory

2 of 4 sub-signals with data

Download Volume55%3.0

5,129 weekly downloads

via npm / PyPI

GitHub Stars45%5.0

38,614 stars

via GitHub

Dependent Packagesno data

Weight redistributed to sub-signals with data

Growth Trendno data

Weight redistributed to sub-signals with data

License, documentation, security policy, changelog

4 of 4 sub-signals with data

Open Source30%3.0

Public repo with non-OSI license (noassertion)

via GitHub

Documentation25%5.0

Docs site present with comprehensive README (>2000 bytes + examples)

via GitHub

Security Policy20%5.0

SECURITY.md present

via GitHub

Changelog25%2.0

No CHANGELOG.md and no releases found

via GitHub

Track record, org maturity, community standing

4 of 4 sub-signals with data

Track Record30%4.0

Internal: 1.0 (0 services), External: 4.0 (1346 followers, 39808 stars)

via Fabric index

Org Maturity30%5.0

Organization, 8.5 years old

via GitHub

Community Standing20%4.0

50 public repositories

via GitHub

Cross-Platform20%3.0

Present on 2 platform(s): github, pypi

via Registry scan

About this score
Scored across 23 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)
Trust AssessmentAI Assessment

MindsDB is a federated query engine for AI published by mindsdb under a NOASSERTION license, positioning itself as a comprehensive MCP server solution. The service is blocked due to 22 known CVEs including critical unpatched vulnerabilities, making it not recommended for production use despite reasonable operational uptime. The lack of a standard open-source license combined with severe unaddressed security issues represents a significant deployment risk.

Generated by Fabric AI · Mar 4, 2026 at 4:53 AM

Package Availability (30d)
100.00%
p50: 23ms · p99: 23ms
Avg Latency
18ms
averaged across 30d health checks
Weekly Downloads
5.1k
PyPI weekly
Transparency & Compliance4/5 passed
Open Source CodePublic repository on GitHub
OSI LicenseNo recognized open-source license
DocumentationREADME with examples/code blocks
SECURITY.mdSecurity policy published
API DocumentationOpenAPI spec or docs directory found
Incidents & Alertslast 90 days
Mar 2Critical unpatched CVE — no fix available0.99
Mar 2Trust score decreased by 1.860.99
Feb 23mindsdb added to Trust Index2.52
Showing 3 of 3 events
Score History13 snapshots
5.003.752.501.250.00
Feb 23Mar 3
Community & Ecosystemadoption signals
5.1k
Weekly Downloads
PyPI
10
Releases
on GitHub
Supply Chain & Dependenciestrust chain
a2wsgi
pypi · ~=1.10.10
aerospike
pypi · ~=13.0.0; extra == "all-handlers-extras"
aiohttp
pypi · >=3.13.3; extra == "all-handlers-extras" · 31 CVEs9L5H17M
aipdf
pypi · ==0.0.7.0
alembic
pypi · >=1.3.3
anthropic
pypi · ==0.18.1; extra == "all-handlers-extras"
Showing 6 of 240 dependencies
Data Sources6 indexed
OSV.devCVE database · vulnerability scanning for npm & PyPI packages
GitHub APICommits, issues, releases, repo metadata, transparency checks
npm RegistryPackage metadata, weekly downloads, maintainers, dependencies
PyPIPackage metadata, weekly downloads, dependency tree
HTTP Health Checks15-min pings · uptime, latency, status monitoring
PyPI StatsDownload statistics and trends
Version Historyscore per release
VERSIONRELEASEDSCOREDELTA
v26.0.0Feb 25, 20262.52
v26.0.0rc3Feb 20, 2026
v26.0.0rc2Feb 19, 2026
v26.0.0rc1Feb 17, 2026
v25.14.1Jan 21, 2026
v25.14.0Jan 19, 2026
Showing 6 of 10 releases

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card