pkg:PyPI/duckdb

All known vulnerabilities

• CRITICAL9.8CVE-2024-22682DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.
  from 0, < 0.9.3.dev6
• HIGH7.5CVE-2024-41672sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
  >= 1.0.0, < 1.1.0
• HIGH7.5CVE-2024-41672sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
  from 0, < c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a, < c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a | from 0, < 1.1.0
• MEDIUM6.5CVE-2025-64429DuckDB is a SQL database management system.
  >= 1.4.0, < 1.4.2