CVE-2025-64429
- EPSS 0.01%
- Veröffentlicht 12.11.2025 21:32:45
- Zuletzt bearbeitet 25.11.2025 17:50:44
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number gen...
CVE-2025-59037
- EPSS 0.06%
- Veröffentlicht 09.09.2025 20:26:57
- Zuletzt bearbeitet 11.09.2025 17:14:25
DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of DuckDB...
CVE-2024-41672
- EPSS 0.47%
- Veröffentlicht 24.07.2024 18:15:05
- Zuletzt bearbeitet 21.11.2024 09:32:56
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem ev...