CRITICAL 9.8 CVE-2024-22682: DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.
from 0, < 0.9.3.dev6
HIGH 7.5 CVE-2024-41672: sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
>= 1.0.0, < 1.1.0
HIGH 7.5 CVE-2024-41672: sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
from 0, < c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a, < c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a | from 0, < 1.1.0
MEDIUM 6.5: DuckDB is a SQL database management system.