VYPR

Snowflake Jdbc

by Snowflake

Source repositories

CVEs (6)

  • CVE-2026-6442HigApr 16, 2026
    risk 0.54cvss 8.3epss 0.00

    Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository,…

  • CVE-2026-3293LowFeb 27, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the…

  • CVE-2025-27496Mar 13, 2025
    risk 0.00cvss epss 0.00

    Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the…

  • CVE-2025-24790Jan 29, 2025
    risk 0.00cvss epss 0.00

    Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the…

  • CVE-2025-24789Jan 29, 2025
    risk 0.00cvss epss 0.00

    Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an…

  • CVE-2023-30535Apr 14, 2023
    risk 0.00cvss epss 0.02

    Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server…