snowflake-sdk

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting snowflake-sdkpage 1 of 1

CVE-2023-34232HIGHCVSS 7.3EG 7.3✓ Fixed in 1.6.21
2023-06-08
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an atta…
CVE-2025-24791MEDIUMCVSS 4.4EG 4.4✓ Fixed in 2.0.2
2025-01-29
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker wit…
CVE-2025-46328LOWCVSS 3.3EG 3.3✓ Fixed in 2.0.4
2025-04-28
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS th…

Check whether snowflake-sdk is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for snowflake-sdk CVEs against the assets you own.

Start Free Scan →