VYPR

Vendor CVEs

Snowflake

All CVEs

29 total · sorted by risk
  • CVE-2026-6442 · High · Apr 16, 2026
    risk 0.54 · cvss 8.3 · epss 0.00

    Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository,…

  • CVE-2026-33682 · Med · Mar 26, 2026
    risk 0.24 · cvss 4.7 · epss 0.00

    Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of…

  • CVE-2025-24792 · Med · Jan 29, 2025
    risk 0.22 · cvss 4.4 · epss 0.00

    Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a…

  • CVE-2025-46614 · Low · Apr 28, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.

  • CVE-2026-10804 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The…

  • CVE-2026-3293 · Low · Feb 27, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the…

  • CVE-2025-46329 · Apr 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the…

  • CVE-2025-46330 · Apr 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were…

  • CVE-2025-46328 · Apr 28, 2025
    risk 0.00 · cvss n/a · epss 0.00

    snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration…

  • CVE-2025-46327 · Apr 28, 2025
    risk 0.00 · cvss n/a · epss 0.00

    gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a…

  • CVE-2025-46326 · Apr 28, 2025
    risk 0.00 · cvss n/a · epss 0.00

    snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration…

  • CVE-2025-27496 · Mar 13, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the…

  • CVE-2025-24795 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when…

  • CVE-2025-24794 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses…

  • CVE-2025-24793 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the…

  • CVE-2025-24788 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to…

  • CVE-2025-24790 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the…

  • CVE-2025-24789 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an…

  • CVE-2025-24791 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache…

  • CVE-2024-49750 · Oct 24, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo…

  • CVE-2024-28851 · Mar 15, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider…

  • CVE-2023-51662 · Dec 22, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List…

  • CVE-2023-34230 · Jun 8, 2023
    risk 0.00 · cvss n/a · epss 0.01

    snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious…

  • CVE-2023-34233 · Jun 8, 2023
    risk 0.00 · cvss n/a · epss 0.02

    The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on (SSO) browser URL authentication. In order…

  • CVE-2023-34232 · Jun 8, 2023
    risk 0.00 · cvss n/a · epss 0.02

    snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1)…

  • CVE-2023-34231 · Jun 8, 2023
    risk 0.00 · cvss n/a · epss 0.02

    gosnowflake is the Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be…

  • CVE-2023-30535 · Apr 14, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server…

  • CVE-2010-0798 · Mar 2, 2010
    risk 0.00 · cvss n/a · epss 0.01

    SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-0797 · Mar 2, 2010
    risk 0.00 · cvss n/a · epss 0.01

    Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.