from 0
CRITICAL9.8CVE-2025-3277An integer overflow can be triggered in SQLite’s `concat_ws()` function. from 0, < 3.46.1-3
CRITICAL9.8CVE-2020-35527In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. from 0, < 3.32.0-1
CRITICAL9.8In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a comp…
from 0, < 3.32.0-1
CRITICAL9.8SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree…
from 0, < 3.27.2-3
CRITICAL9.8sqlite3 - security update
from 0, < 3.7.13-1+deb7u4
CRITICAL9.8sqlite3 - security update
from 0, < 3.8.7.1-1+deb8u4
CRITICAL9.8sqlite3 - security update
from 0, < 3.19.3-3
CRITICAL9.8An issue was discovered in certain Apple products.
from 0, < 3.16.2-1
CRITICAL9.8An issue was discovered in certain Apple products.
from 0, < 3.16.0-1
CRITICAL9.8An issue was discovered in certain Apple products.
from 0, < 3.15.2-1
CRITICAL9.8An issue was discovered in certain Apple products.
from 0, < 3.15.2-1
CRITICAL9.1SQLite integer overflow in key info allocation may lead to information disclosure.
from 0
HIGH8.8Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corrupt…
from 0, < 3.27.2-3
HIGH8.1An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0.
from 0, < 3.27.2-3
HIGH8.1SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries i…
from 0, < 3.25.3-1
HIGH8.1sqlite3 - security update
from 0, < 3.8.7.1-1+deb8u3
HIGH8.1sqlite3 - security update
from 0, < 3.25.3-1
HIGH8.1sqlite3 - security update
from 0, < 3.16.2-5+deb9u2
HIGH7.8SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
from 0
HIGH7.8SQLite before 3.53.2 Memory Corruption in FTS5 Extension
from 0
HIGH7.5An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to o…
from 0
HIGH7.5Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside func…
from 0
HIGH7.5In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-alloc…
from 0, < 3.46.1-3
HIGH7.5An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
from 0, < 3.36.0-2
HIGH7.5sqlite3 - security update
from 0, < 3.27.2-3+deb10u2
HIGH7.5sqlite3 - security update
from 0, < 3.32.0-1
HIGH7.5`libsqlite3-sys` via C SQLite CVE-2022-35737
from 0
HIGH7.5sqlite3 - security update
from 0, < 3.34.1-3+deb11u1
HIGH7.5sqlite3 - security update
from 0, < 3.34.1-3+deb11u1
HIGH7.5SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
from 0, < 3.32.2-2
HIGH7.5sqlite3 - security update
from 0, < 3.8.7.1-1+deb8u5
HIGH7.5sqlite3 - security update
from 0, < 3.31.1-5
HIGH7.5In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generate…
from 0, < 3.31.1-3
HIGH7.5ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, l…
from 0, < 3.30.1+fossil191229-1
HIGH7.5sqlite3 - regression update
from 0, < 3.16.2-5+deb9u3
HIGH7.5sqlite3 - regression update
from 0, < 3.30.1+fossil191229-1
HIGH7.5zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
from 0, < 3.30.1+fossil191229-1
HIGH7.5flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side…
from 0, < 3.30.1+fossil191229-1
HIGH7.5chromium - security update
from 0, < 3.30.1+fossil191229-1
HIGH7.5SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
from 0, < 3.30.1+fossil191229-1
HIGH7.5sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORD…
from 0, < 3.30.1+fossil191229-1
HIGH7.5SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (applicat…
from 0, < 3.25.3-1
HIGH7.5In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference…
from 0, < 3.27.2-2
HIGH7.5In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqli…
from 0, < 3.27.2-2
HIGH7.5In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, rel…
from 0, < 3.22.0-2
HIGH7.5SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(p…
from 0, < 3.20.1-2
HIGH7.3SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
from 0, < 3.34.1-3+deb11u1
HIGH7.3SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctio…
from 0, < 3.40.0-2
HIGH7.0ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
from 0, < 3.32.0-1
MEDIUM6.5In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a s…
from 0, < 3.29.0-2
MEDIUM5.9SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
from 0, < 3.30.1+fossil191229-1
MEDIUM5.9sqlite3 - security update
from 0, < 3.7.13-1+deb7u3
MEDIUM5.9sqlite3 - security update
from 0, < 3.13.0-1
MEDIUM5.5In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (applica…
from 0
MEDIUM5.5Sqlite: use-after-free bug in jsonparseaddnodearray
from 0, < 3.43.2-1
MEDIUM5.5Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted scrip…
from 0, < 3.27.2-1
MEDIUM5.5A flaw was found in SQLite's SELECT query functionality (src/select.c).
from 0, < 3.34.1-1
MEDIUM5.5In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse…
from 0, < 3.32.3-1
MEDIUM5.5ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
from 0, < 3.32.0-1
MEDIUM5.5SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
from 0, < 3.32.0-1
MEDIUM5.5SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
from 0, < 3.32.1-1
MEDIUM5.5sqlite3 - security update
from 0, < 3.32.1-1
MEDIUM5.5sqlite3 - security update
from 0, < 3.8.7.1-1+deb8u6
MEDIUM5.5alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction…
from 0, < 3.30.1+fossil191229-1
MEDIUM5.5The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via…
from 0, < 3.20.1-1
MEDIUM5.3SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c.
from 0, < 3.30.1+fossil191229-1
MEDIUM4.3A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Da…
from 0
—An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension.
from 0
—Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL…
from 0, < 3.8.3-1
—sqlite3 - security update
from 0, < 3.7.13-1+deb7u2
—sqlite3 - security update
from 0, < 3.8.9-1
—The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-depend…
from 0, < 3.8.9-1
—sqlite3 - security update
from 0, < 3.8.7.1-1+deb8u1
—sqlite3 - security update
from 0, < 3.8.9-1