Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

snowflakedb — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting snowflakedb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Snowflakedb operates as a cloud-native data warehousing platform, enabling organizations to store and analyze large volumes of structured and semi-structured data. Despite its robust architecture, the software has accumulated 23 recorded Common Vulnerabilities and Exposures (CVEs), indicating persistent security challenges. Historically, these flaws predominantly involve privilege escalation and cross-site scripting (XSS), allowing unauthorized users to manipulate system permissions or inject malicious scripts. While remote code execution (RCE) incidents are less frequent, they remain critical when they occur. The platform lacks significant publicized major breaches, yet the recurring nature of these vulnerabilities suggests ongoing difficulties in patching legacy code or securing API endpoints. Security teams must prioritize rigorous input validation and strict access control mechanisms to mitigate these known risks, ensuring that the convenience of cloud-based analytics does not compromise data integrity or user privacy.

Top products by snowflakedb: snowflake-jdbc snowflake-connector-python snowflake-connector-net snowflake-connector-nodejs gosnowflake libsnowflakeclient snowflake-hive-metastore-connector pdo_snowflake
CVE IDTitleCVSSSeverityPublished
CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos — snowflake-jdbcCWE-1333 3.3 Low2026-02-27
CVE-2025-46329 Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs — libsnowflakeclientCWE-532 3.3 Low2025-04-29
CVE-2025-46330 Snowflake Connector for C/C++ retries malformed requests — libsnowflakeclientCWE-573 3.3 Low2025-04-29
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file — snowflake-connector-nodejsCWE-367 3.3 Low2025-04-28
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file — gosnowflakeCWE-367 3.3 Low2025-04-28
CVE-2025-46326 Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file — snowflake-connector-netCWE-367 3.3 Low2025-04-28
CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs — snowflake-jdbcCWE-532 3.3 Low2025-03-13
CVE-2025-24795 The Snowflake Connector for Python uses insecure cache files permissions — snowflake-connector-pythonCWE-276 4.4 Medium2025-01-29
CVE-2025-24794 The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache — snowflake-connector-pythonCWE-502 6.7 Medium2025-01-29
CVE-2025-24793 Snowflake Connector for Python has an SQL Injection in write_pandas — snowflake-connector-pythonCWE-89 7.0 High2025-01-29
CVE-2025-24788 Snowflake Connector for .NET has weak temporary files permissions — snowflake-connector-netCWE-276 5.0 Medium2025-01-29
CVE-2025-24790 Snowflake JDBC uses insecure temporary credential cache file permissions — snowflake-jdbcCWE-276 4.4 Medium2025-01-29
CVE-2025-24789 Snowflake JDBC allows an untrusted search path on Windows — snowflake-jdbcCWE-426 7.8 High2025-01-29
CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions — snowflake-connector-nodejsCWE-281 4.4 Medium2025-01-29
CVE-2025-24792 Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error — pdo_snowflakeCWE-195 4.4 Medium2025-01-29
CVE-2024-49750 Snowflake Connector for Python has sensitive data in logs — snowflake-connector-pythonCWE-532 5.5 Medium2024-10-24
CVE-2024-28851 Elevation of privilege in Snowflake Hive MetaStore Connector Helper script — snowflake-hive-metastore-connectorCWE-269 4.0 Medium2024-03-15
CVE-2023-51662 Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) — snowflake-connector-netCWE-295 6.0 Medium2023-12-22
CVE-2023-34230 Snowflake Connector vulnerable to Command Injection — snowflake-connector-netCWE-77 7.3 High2023-06-08
CVE-2023-34233 Snowflake Python Connector vulnerable to Command Injection — snowflake-connector-pythonCWE-77 8.0 -2023-06-08
CVE-2023-34232 Snowflake NodeJS Driver vulnerable to Command Injection — snowflake-connector-nodejsCWE-77 7.3 High2023-06-08
CVE-2023-34231 Snowflake Golang Driver vulnerable to Command Injection — gosnowflakeCWE-77 8.0 -2023-06-08
CVE-2023-30535 Snowflake JDBC vulnerable to command injection via SSO URL authentication — snowflake-jdbcCWE-20 7.3 High2023-04-14

This page lists every published CVE security advisory associated with snowflakedb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.