18 matches found
EUVD-2025-12598
Malicious code in bioql PyPI...
EUVD-2023-1814
Malicious code in bioql PyPI...
EUVD-2025-0209
Malicious code in bioql PyPI...
CVE-2025-24791
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...
GHSA-WMJQ-JRM2-9WFR NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Issue Snowflake discovered and remediated a vulnerability in the NodeJS Driver for Snowflake “Driver”. When using the Easy Logging feature on Linux and macOS the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Issue Snowflake discovered and remediated a vulnerability in the NodeJS Driver for Snowflake “Driver”. When using the Easy Logging feature on Linux and macOS the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
GHSA-XFHV-WQJ6-RX99 snowflake-sdk may incorrectly validate temporary credential cache file permissions
Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...
snowflake-sdk may incorrectly validate temporary credential cache file permissions
Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...
CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...
CVE-2025-24791
CVE-2025-24791 affects snowflake-connector-nodejs (Snowflake NodeJS Driver) on Linux. The vulnerability allows bypassing file permissions checks for the temporary credential cache, exploitable by an attacker with write access to the local cache directory. Affected versions are 1.12.0 through 2.0....
CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...
NodeJS Driver for Snowflake 安全漏洞
NodeJS Driver for Snowflake is an open source NodeJS driver from Snowflake Computing. A security vulnerability exists in NodeJS Driver for Snowflake versions prior to 2.0.2, which stems from an attacker with write access to a local cache directory can bypass file permission checks in the temporar...
CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on SSO browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicio...
CVE-2023-34232
Snowflake NodeJS driver (snowflake-connector-nodejs) is vulnerable to command injection via Single Sign-On (SSO) browser URL authentication in versions before 1.6.21. The attack requires the attacker to host a malicious resource and Trick a user into visiting a crafted connection URL; if successf...
CVE-2023-34232 Snowflake NodeJS Driver vulnerable to Command Injection
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on SSO browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicio...
Malicious code in nodejs-driver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c4ceaf6a066fdce9ab350306c61d927c0ca99cc7d77b8eefe29c778fdfd8758 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4904 Malicious code in nodejs-driver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c4ceaf6a066fdce9ab350306c61d927c0ca99cc7d77b8eefe29c778fdfd8758 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...