4786 matches found
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...
CVE-2024-47881
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...
BIT-SUPERSET-2023-39265 Apache Superset: Possible Unauthorized Registration of SQLite Database Connections
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...
CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...
CVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through its path entry in the project_has_files SQLite db...
Malicious code in tree-sitter-sqlite (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6171aef6bf33d3a77ea0523c0609d12e396a579ce197757f9ac020689a6c2363 Any computer that has this package installed or running should be considered...
MAL-2025-1234 Malicious code in tree-sitter-sqlite (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6171aef6bf33d3a77ea0523c0609d12e396a579ce197757f9ac020689a6c2363 Any computer that has this package installed or running should be considered...
[SECURITY] Fedora 41 Update: buku-4.9-1.fc41
Buku is a powerful bookmark manager written in Python3 and SQLite3. Buku fetches the title of a bookmarked web page and stores it along with any additional comments and tags. You can use your favourite editor to compose and update bookmarks. With multiple search options, including regex and a dee...
Elspec G5 Digital Fault Recorder Improper Handling of Insufficient Permissions or Privileges (CVE-2024-22077)
An issue was discovered in Elspec G5 digital fault recorder. The SQLite database file has weak permissions. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CVE-2022-46908 affecting package sqlite 3.34.1-2
CVE-2022-46908 affecting package sqlite 3.34.1-2. This CVE either no longer is or was never applicable...
SQLite report about CVE-2025-29087
Duplicate of CVE-2025-3277...
SQLite report about CVE-2025-7709
An attacker who has complete control over the database content could create a corrupt FTS5 index, resulting in access to memory outside the bounds of an array due to integer overflow. Fixed on 2025-07-15...
SQLite report about CVE-2025-7458
An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer overflow resulting in a read off the end of an array. Fixed on 2023-03-16...
SQLite report about CVE-2025-52099
Duplicate of CVE-2025-29088...
SQLite report about CVE-2025-29088
Passing out-of-bounds arguments to the C-language API routine sqlite3_db_config(db,SQLITE_DBCONFIG_LOOKASIDE,...) can lead to a crash and denial of service. Reported by Forum post 48f365daec. Complaint addressed by check-in 2025-02-17T14:16Z...
SQLite report about CVE-2025-70873
When using the zipfile extension (not a part of standard SQLite but usually included in builds of the CLI), a malformed ZIP file input can result in an out-of-bounds read. Reported by forum post 2025-12-06T16:46:32Z and fixed in trunk by check-in 2025-12-06T23:58:09.413Z...
SQL Injection in default_jsonalyzer via prompt injection leads to arbitrary file creation
Description: The default_jsonalyzer function used in JSONalyzeQueryEngine executes a SQLite query that the LLM made. If the attacker controls the SQLite query with prompt injection and executes a malicious SQLite query, then a Denial-of-Service attack and arbitrary file creation are possible. Root...
K000148494: SQLite vulnerability CVE-2020-13631
Security Advisory Description: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVE-2020-13631. Impact: A local, authenticated attacker with root-level privileges can exploit the vulnerability to modify SQLite files...
F5 Networks BIG-IP : SQLite vulnerability (K000148494)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148494 advisory. SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c...
SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in 'sessionReadRecord' Function of 'Sessions' Extension
SQLite is vulnerable to an out-of-bounds memory access issue due to a lack of sufficient input validation in the sessionReadRecord function. An attacker could submit a crafted input in order to trigger the flaw which could allow for a 1-byte out-of-bounds read to occur which could lead to...