Snowflake
Products
9- 12 CVEs
- 6 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- Streamlit2 CVEspypi
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6442 | Hig | 0.54 | 8.3 | 0.00 | Apr 16, 2026 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository,… | ||
| CVE-2026-33682 | Med | 0.24 | 4.7 | 0.00 | Mar 26, 2026 | Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of… | ||
| CVE-2025-24792 | Med | 0.22 | 4.4 | 0.00 | Jan 29, 2025 | Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a… | ||
| CVE-2025-46614 | Low | 0.21 | 3.3 | 0.00 | Apr 28, 2025 | In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File. | ||
| CVE-2026-10804 | Low | 0.16 | 3.6 | 0.00 | Jun 4, 2026 | A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The… | ||
| CVE-2026-3293 | Low | 0.14 | 3.3 | 0.00 | Feb 27, 2026 | A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the… | ||
| CVE-2025-46329 | 0.00 | — | 0.00 | Apr 29, 2025 | libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the… | |||
| CVE-2025-46330 | 0.00 | — | 0.00 | Apr 29, 2025 | libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were… | |||
| CVE-2025-46328 | 0.00 | — | 0.00 | Apr 28, 2025 | snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration… | |||
| CVE-2025-46327 | 0.00 | — | 0.00 | Apr 28, 2025 | gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a… | |||
| CVE-2025-46326 | 0.00 | — | 0.00 | Apr 28, 2025 | snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration… | |||
| CVE-2025-27496 | 0.00 | — | 0.00 | Mar 13, 2025 | Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the… | |||
| CVE-2025-24795 | 0.00 | — | 0.00 | Jan 29, 2025 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when… | |||
| CVE-2025-24794 | 0.00 | — | 0.00 | Jan 29, 2025 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses… | |||
| CVE-2025-24793 | 0.00 | — | 0.00 | Jan 29, 2025 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the… | |||
| CVE-2025-24788 | 0.00 | — | 0.00 | Jan 29, 2025 | snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to… | |||
| CVE-2025-24790 | 0.00 | — | 0.00 | Jan 29, 2025 | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the… | |||
| CVE-2025-24789 | 0.00 | — | 0.00 | Jan 29, 2025 | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an… | |||
| CVE-2025-24791 | 0.00 | — | 0.00 | Jan 29, 2025 | snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache… | |||
| CVE-2024-49750 | 0.00 | — | 0.00 | Oct 24, 2024 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo… |
- risk 0.54cvss 8.3epss 0.00
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository,…
- risk 0.24cvss 4.7epss 0.00
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of…
- risk 0.22cvss 4.4epss 0.00
Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a…
- risk 0.21cvss 3.3epss 0.00
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.
- risk 0.16cvss 3.6epss 0.00
A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The…
- risk 0.14cvss 3.3epss 0.00
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the…
- CVE-2025-46329Apr 29, 2025risk 0.00cvss —epss 0.00
libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the…
- CVE-2025-46330Apr 29, 2025risk 0.00cvss —epss 0.00
libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were…
- CVE-2025-46328Apr 28, 2025risk 0.00cvss —epss 0.00
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration…
- CVE-2025-46327Apr 28, 2025risk 0.00cvss —epss 0.00
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a…
- CVE-2025-46326Apr 28, 2025risk 0.00cvss —epss 0.00
snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration…
- CVE-2025-27496Mar 13, 2025risk 0.00cvss —epss 0.00
Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the…
- CVE-2025-24795Jan 29, 2025risk 0.00cvss —epss 0.00
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when…
- CVE-2025-24794Jan 29, 2025risk 0.00cvss —epss 0.00
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses…
- CVE-2025-24793Jan 29, 2025risk 0.00cvss —epss 0.00
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the…
- CVE-2025-24788Jan 29, 2025risk 0.00cvss —epss 0.00
snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to…
- CVE-2025-24790Jan 29, 2025risk 0.00cvss —epss 0.00
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the…
- CVE-2025-24789Jan 29, 2025risk 0.00cvss —epss 0.00
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an…
- CVE-2025-24791Jan 29, 2025risk 0.00cvss —epss 0.00
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache…
- CVE-2024-49750Oct 24, 2024risk 0.00cvss —epss 0.00
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo…