VYPR
Vendor

Duckdb

Products
2
CVEs
3
Across products
4
Status
Private

Products

2

Recent CVEs

3
  • CVE-2025-59037HigSep 9, 2025
    risk 0.49cvss epss 0.00

    DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of DuckDB's packages that included…

  • CVE-2025-64429Nov 12, 2025
    risk 0.00cvss epss 0.00

    DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator (pcg32) to generate…

  • CVE-2024-41672Jul 24, 2024
    risk 0.00cvss epss 0.01

    DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to…