89 matches found

vulnersOsv
added 2025/01/29 8:50 p.m., 1 view

acedeploy (>=2.4.15 <=2.4.115), aigc-evals (>=0.0.2 <=0.0.3) +131 more potentially affected by CVE-2025-24793 via snowflake-connector-python (>=2.2.5 <=3.13.0)

snowflake-connector-python PYPI version =2.2.5, =2.4.15, =0.0.2, =2.4.0, =0.0.4, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.5.83, =0.4.0, =1.0.8, =1.0.11 and more Source cves: CVE-2025-24793 Source advisory: SNYK:PYTHON-SNOWFLAKECONNECTORPYTHON-8674928...

7 CVSS, 7.1 AI score, 0.00189 EPSS
Exploits 1

Snyk
added 2025/01/29 8:50 p.m., 2 views

Deserialization of Untrusted Data

Overview snowflake-connector-python is a Snowflake Connector for Python Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the insecure handling of serialization exceptions which is not supported for all exceptions. This is because The OCSP response cache...

8.4 CVSS, 6.9 AI score, 0.0013 EPSS
Exploits 0, References 2

OSV
added 2025/01/29 8:50 p.m., 0 views

GHSA-M4F6-VCJ4-W5MX snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache

Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue...

6.7 CVSS, 5.9 AI score, 0.0013 EPSS
Exploits 0, References 6

vulnersOsv
added 2025/01/29 8:50 p.m., 1 view

acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +89 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)

snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =0.7.0, =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: SNYK:PYTHON-SNOWFLAKECONNECTORPYTHON-8674925...

7.8 CVSS, 5.8 AI score, 0.0013 EPSS
Exploits 0

vulnersOsv
added 2025/01/29 8:50 p.m., 1 view

acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +89 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)

snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =0.7.0, =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: OSV:GHSA-M4F6-VCJ4-W5MX...

7.8 CVSS, 5.8 AI score, 0.0013 EPSS
Exploits 0

vulnersOsv
added 2025/01/29 8:49 p.m., 1 view

acedeploy (>=2.4.15 <=2.4.115), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +108 more potentially affected by CVE-2025-24795 via snowflake-connector-python (>=2.3.7 <=3.13.0)

snowflake-connector-python PYPI version =2.3.7, =2.4.15, =2.4.0, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =1.1.4 - datacontract-cli =0.10.4 and more Source cves: CVE-2025-24795 Source advisory: OSV:GHSA-R2X6-CJG7-8R43...

5.5 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits 0

OSV
added 2025/01/29 8:49 p.m., 0 views

GHSA-R2X6-CJG7-8R43 snowflake-connector-python vulnerable to insecure cache files permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects version...

4.4 CVSS, 5.9 AI score, 0.00141 EPSS
Exploits 0, References 6

Vulnrichment
added 2025/01/29 8:25 p.m., 7 views

CVE-2025-24794 The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

6.7 CVSS, 6.4 AI score, 0.0013 EPSS
Exploits 0, References 2

OSV
added 2025/01/21 9:15 p.m., 0 views

UBUNTU-CVE-2025-21548

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successf...

6.4 CVSS, 5.8 AI score, 0.00127 EPSS
Exploits 0, References 3

Debian CVE
added 2025/01/21 8:53 p.m., 11 views

CVE-2025-21548

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successf...

6.4 CVSS, 7.8 AI score, 0.00127 EPSS
Exploits 0

FreeBSD
added 2025/01/21 12:0 a.m., 4 views

py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL

Oracle reports: Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

6.4 CVSS, 6.1 AI score, 0.00127 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/11/07 12:0 a.m., 16 views

openSUSE 15 Security Update : python-mysql-connector-python (openSUSE-SU-2024:0351-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0351-1 advisory. - Update to 9.1.0 boo1231740, CVE-2024-21272 - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build...

7.5 CVSS, 8.5 AI score, 0.00915 EPSS
Exploits 0, References 4

Snyk
added 2024/11/01 6:36 a.m., 3 views

SQL Injection

Overview mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification PEP-249. Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of schema and table names...

8.3 CVSS, 7.8 AI score
Exploits 0, References 3

Snyk
added 2024/10/24 10:40 p.m., 3 views

Insertion of Sensitive Information into Log File

Overview snowflake-connector-python is a Snowflake Connector for Python Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of sensitive information when the logging level is set to DEBUG. An attacker can access sensitive data su...

6.8 CVSS, 6.6 AI score, 0.00135 EPSS
Exploits 0, References 2

Github Security Blog
added 2024/10/15 9:30 p.m., 22 views

MySQL Connector/Python connector takeover vulnerability

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors...

7.5 CVSS, 6.6 AI score, 0.00915 EPSS
Exploits 0, References 4, Affected Software 1

vulnersOsv
added 2024/10/15 9:30 p.m., 3 views

afs2-datasource (>=3.8.0.0 <=3.8.2), afw (>=0.0.6 <=0.0.21) +281 more potentially affected by CVE-2024-21272 via mysql-connector-python (>=8.0.21 <=9.0.0)

mysql-connector-python PYPI version =8.0.21, =3.8.0.0, =0.0.6, =1.4.20, =0.0.1, =0.1.1, =0.3.0, =0.0.1, =1.0.0b1, =0.10.0, =2021.2.5, =1.0.1, =1.0.12, =1.1.15, =1.2.24 and more Source cves: CVE-2024-21272 Source advisory: OSV:GHSA-HGJP-83M4-H4FJ...

7.5 CVSS, 7.2 AI score, 0.00915 EPSS
Exploits 0

OSV
added 2024/10/15 9:30 p.m., 16 views

GHSA-HGJP-83M4-H4FJ MySQL Connector/Python connector takeover vulnerability

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors...

7.7 CVSS, 7.3 AI score, 0.00915 EPSS
Exploits 0, References 4

OSV
added 2024/10/15 8:15 p.m., 22 views

CVE-2024-21272

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors...

7.5 CVSS, 6.6 AI score
Exploits 0, References 1

NVD
added 2024/10/15 8:15 p.m., 15 views

CVE-2024-21272

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors...

7.5 CVSS, 0.00915 EPSS
Exploits 0, References 1

OSV
added 2024/10/15 8:15 p.m., 0 views

UBUNTU-CVE-2024-21272

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors...

7.5 CVSS, 7.2 AI score, 0.00915 EPSS
Exploits 0, References 4