Browse all 3 CVE security advisories affecting duckdb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DuckDB serves as an in-process analytical database designed for complex querying directly within applications, commonly used for data analysis and embedded systems. Historically, vulnerabilities have included remote code execution flaws in deserialization processes and SQL injection risks due to improper input handling. While only three CVEs exist, they highlight potential risks in embedded deployments. The project maintains a relatively strong security posture with regular updates, though its increasing adoption may attract more scrutiny. No major security incidents have been widely reported, but the database's embedded nature requires careful implementation to prevent privilege escalation in multi-user environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59037 | DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware (package: duckdb-node; CWE-506) | 9.1 (AI-estimated) | Critical (AI-estimated) | 2025-09-09 |
This page lists every published CVE security advisory associated with duckdb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.