duckdb

Latest secure version 1.6.0.dev12

DuckDB in-process database

MIT

Known vulnerabilities and security issues detected in the extension's dependencies and code.

Vulnerability ID	Advisory				Affected Versions
CVE-2024-41672	Content in filesystem is accessible for reading using sniff_csv, even with enable_external_access=false.	High	–	–	>=1.0.0,<1.1.0
CVE-2020-10531	Affected versions of this package are vulnerable to a Heap Buffer Overflow. The cloned UnicodeString::doAppend() method inside DuckDB’s ICU extension fails to detect 32-bit signed-integer overflow whe…	High	–	–	<1.3.0

Additional security issues found by Safety, exclusive to our platform.

Safety discovered vulnerability data is available for Enterprise customers

Book a call with us to see Safety in action.

Functions linked to known vulnerabilities in this package.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.