
28 matches found

Snyk
added 2025/11/01 6:46 a.m. | 2 views

Incorrect Permission Assignment for Critical Resource

Overview: snowflake-connector-python is a Snowflake Connector for Python. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ConfigManager.readconfig path in configmanager.py. An attacker can modify sensitive settings stored in the...

5.1 CVSS | 6.8 AI score
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-0179

Malicious code in bioql PyPI...

7.8 CVSS | 6.3 AI score | 0.0013 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/22 11:55 p.m. | 4 views

CVE-2022-42965

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package when an attacker is able to supply arbitrary input to the undocumented getfiletransfertype method...

7.5 CVSS | 6.9 AI score | 0.00162 EPSS
Exploits: 1 | References: 1

Veracode
added 2025/02/03 4:7 a.m. | 6 views

Credential Caching

snowflake-connector-python is vulnerable to Credential Caching. The vulnerability is due to improper handling of temporary credential caching on Linux systems. When caching is enabled, the credentials are stored in a file that is readable by all users, allowing unauthorized access...

5.5 CVSS | 4.5 AI score | 0.00141 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

vulnersOsv
added 2025/01/29 9:15 p.m. | 2 views

acedeploy (>=2.4.15 <=2.4.115), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +108 more potentially affected by CVE-2025-24795 via snowflake-connector-python (>=2.3.7 <=3.13.0)

snowflake-connector-python PYPI version =2.3.7, =2.4.15, =2.4.0, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =1.1.4 - datacontract-cli =0.10.4 and more Source cves: CVE-2025-24795 Source advisory: OSV:PYSEC-2025-28...

5.5 CVSS | 5.8 AI score | 0.00141 EPSS
Exploits: 0

NVD
added 2025/01/29 9:15 p.m. | 4 views

CVE-2025-24793

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the...

7 CVSS | 0.00189 EPSS
Exploits: 1 | References: 2

vulnersOsv
added 2025/01/29 9:15 p.m. | 2 views

acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +89 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)

snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =0.7.0, =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: OSV:PYSEC-2025-27...

7.8 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits: 0

vulnersOsv
added 2025/01/29 8:50 p.m. | 0 views

acedeploy (>=2.4.15 <=2.4.115), aigc-evals (>=0.0.2 <=0.0.3) +131 more potentially affected by CVE-2025-24793 via snowflake-connector-python (>=2.2.5 <=3.13.0)

snowflake-connector-python PYPI version =2.2.5, =2.4.15, =0.0.2, =2.4.0, =0.0.4, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.5.83, =0.4.0, =1.0.8, =1.0.11 and more Source cves: CVE-2025-24793 Source advisory: OSV:GHSA-2VPQ-FH52-J3WV...

7 CVSS | 7.1 AI score | 0.00189 EPSS
Exploits: 1

vulnersOsv
added 2025/01/29 8:50 p.m. | 1 views

acedeploy (>=2.4.15 <=2.4.115), aigc-evals (>=0.0.2 <=0.0.3) +131 more potentially affected by CVE-2025-24793 via snowflake-connector-python (>=2.2.5 <=3.13.0)

snowflake-connector-python PYPI version =2.2.5, =2.4.15, =0.0.2, =2.4.0, =0.0.4, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.5.83, =0.4.0, =1.0.8, =1.0.11 and more Source cves: CVE-2025-24793 Source advisory: SNYK:PYTHON-SNOWFLAKECONNECTORPYTHON-8674928...

7 CVSS | 7.1 AI score | 0.00189 EPSS
Exploits: 1

Snyk
added 2025/01/29 8:50 p.m. | 2 views

Deserialization of Untrusted Data

Overview: snowflake-connector-python is a Snowflake Connector for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the insecure handling of serialization exceptions which is not supported for all exceptions. This is because the OCSP response cache...

8.4 CVSS | 6.9 AI score | 0.0013 EPSS
Exploits: 0 | References: 2

OSV
added 2025/01/29 8:50 p.m. | 0 views

GHSA-M4F6-VCJ4-W5MX snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache

Issue: Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue...

6.7 CVSS | 5.9 AI score | 0.0013 EPSS
Exploits: 0 | References: 6

vulnersOsv
added 2025/01/29 8:50 p.m. | 1 views

acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +89 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)

snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =0.7.0, =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: SNYK:PYTHON-SNOWFLAKECONNECTORPYTHON-8674925...

7.8 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits: 0

vulnersOsv
added 2025/01/29 8:50 p.m. | 1 views

acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +89 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)

snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =0.7.0, =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: OSV:GHSA-M4F6-VCJ4-W5MX...

7.8 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits: 0

OSV
added 2025/01/29 8:49 p.m. | 0 views

GHSA-R2X6-CJG7-8R43 snowflake-connector-python vulnerable to insecure cache files permissions

Issue: Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects version...

4.4 CVSS | 5.9 AI score | 0.00141 EPSS
Exploits: 0 | References: 6

vulnersOsv
added 2025/01/29 8:49 p.m. | 1 views

acedeploy (>=2.4.15 <=2.4.115), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +108 more potentially affected by CVE-2025-24795 via snowflake-connector-python (>=2.3.7 <=3.13.0)

snowflake-connector-python PYPI version =2.3.7, =2.4.15, =2.4.0, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =1.1.4 - datacontract-cli =0.10.4 and more Source cves: CVE-2025-24795 Source advisory: OSV:GHSA-R2X6-CJG7-8R43...

5.5 CVSS | 5.8 AI score | 0.00141 EPSS
Exploits: 0

Vulnrichment
added 2025/01/29 8:25 p.m. | 7 views

CVE-2025-24794 The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

6.7 CVSS | 6.4 AI score | 0.0013 EPSS
Exploits: 0 | References: 2

Snyk
added 2024/10/24 10:40 p.m. | 3 views

Insertion of Sensitive Information into Log File

Overview: snowflake-connector-python is a Snowflake Connector for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of sensitive information when the logging level is set to DEBUG. An attacker can access sensitive data su...

6.8 CVSS | 6.6 AI score | 0.00135 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2023/06/09 10:53 p.m. | 2 views

aigc-evals (>=0.0.2 <=0.0.3), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +103 more potentially affected by CVE-2023-34233 via snowflake-connector-python (>=1.7.11 <=3.0.0)

snowflake-connector-python PYPI version =1.7.11, =0.0.2, =2.4.0, =0.0.4, =0.1.0, =1.13.21, =20230717.1.0, =0.5.83, =0.1.0, =0.4.0, =0.5.1, =1.0.5, =1.0.6 - dataligo =0.6.1 and more Source cves: CVE-2023-34233 Source advisory: OSV:GHSA-5W5M-PFW9-C8FP...

8.8 CVSS | 7.1 AI score | 0.0055 EPSS
Exploits: 1

NVD
added 2023/06/08 9:15 p.m. | 9 views

CVE-2023-34233

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on (SSO) browser URL authentication. In order to exploit the...

8.8 CVSS | 8 AI score | 0.0055 EPSS
Exploits: 1 | References: 3

CNNVD
added 2023/06/08 12:0 a.m. | 1 views

Snowflake snowflake-connector-python command injection vulnerability

Snowflake snowflake-connector-python is Snowflake's Snowflake connector for Python, which conforms to the Python DB API 2.0 specification. A command injection vulnerability exists in Snowflake snowflake-connector-python versions prior to 3.0.2. An attacker could exploit this vulnerability to caus...

8.8 CVSS | 8 AI score | 0.0055 EPSS
Exploits: 1 | References: 4