EUVD-2025-28464

Malicious code in bioql PyPI...

EUVD-2024-3568

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-2435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and...

GHSA-R244-WG5G-6W2R Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

Summary Amazon Redshift Python Connector is a pure Python connector to Redshift i.e., driver that implements the Python Database API Specification 2.0. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certifica...

Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

Summary Amazon Redshift Python Connector is a pure Python connector to Redshift i.e., driver that implements the Python Database API Specification 2.0. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certifica...

CVE-2025-5279

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVE-2025-5279

CVE-2025-5279 : The issue affects the Amazon Redshift Python Connector when configured with the BrowserAzureOAuth2CredentialsProvider plugin, where the driver skips SSL certificate validation for the Identity Provider. This can allow an attacker to intercept the token exchange and retrieve an acc...

CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

Amazon Redshift Python Connector 安全漏洞

Amazon Redshift Python Connector is an Amazon Redshift Connector for Python by Amazon.com, Inc. A security vulnerability exists in the Amazon Redshift Python Connector that stems from the BrowserAzureOAuth2CredentialsProvider plugin skipping SSL certificate validation, which could lead to...

PT-2025-23027

Name of the Vulnerable Software and Affected Versions Amazon Redshift Python Connector versions prior to 2.1.7 Description The issue arises when the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, causing the driver to skip the SSL certificate...

CVE-2024-12745

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...

PYSEC-2025-27

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

PYSEC-2025-26

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the...

Incorrect Default Permissions

Overview snowflake-connector-python is a Snowflake Connector for Python Affected versions of this package are vulnerable to Incorrect Default Permissions when using EXTERNALBROWSER or USERNAMEPASSWORDMFA authentication methods with temporary credential caching enabled, allowing the attacker to...

CVE-2025-24795

The Snowflake Connector for Python (Linux) has a vulnerability in temporary credential caching: when enabled, credentials are cached in a world-readable file. Affected versions are 2.3.7 through 3.13.0; upgrade to 3.13.1 to fix. (Exploits not described in the provided documents; CVSS details indi...

PT-2025-5576 · Snowflake · Snowflake Connector For Python

Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.3.7 through 3.13.0 Description: The Snowflake Connector for Python stores temporary credentials locally in a world-readable file when temporary credential caching is enabled on Linux systems. This iss...

PT-2025-5575 · Snowflake · Snowflake Connector For Python

Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.7.12 through 3.13.0 Description: The OCSP response cache in the Snowflake Connector for Python uses pickle as the serialization format, potentially leading to local privilege escalation. This issue ca...

Snowflake Connector for Python 代码问题漏洞

Snowflake Connector for Python is an open source interface from Snowflake Computing. It is used to develop Python applications that can connect to Snowflake and perform all standard operations. A code issue vulnerability exists in Snowflake Connector for Python versions prior to 3.13.1, which ste...

RedShift Python Connector < 2.1.5 (CVE-2024-12745)

The Amazon Redshift Python Connector, version 2.1.4, is affected by CVE-2024-12745, a SQL injection issue when utilizing the getschemas, gettables, or getcolumns Metadata APIs. This issue has been addressed in driver version 2.1.5. We recommend customers upgrade to the driver version 2.1.5 or...