CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

osquery Command Injection Vulnerability

osquery is a SQL-driven framework for operating system detection, monitoring and analysis. A command injection vulnerability exists in osquery versions prior to 4.6.0, which stems from the fact that by using additional predicates in sqlite, a person with osquery administrative access can read and...