Lookup for vulnerable packages by Package URL.

Purl pkg:npm/snowflake-sdk@2.0.0
Type npm
Namespace
Name snowflake-sdk
Version 2.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.4
Latest_non_vulnerable_version 2.0.4
Affected_by_vulnerabilities
0
url VCID-ktf5-mwef-abgt
vulnerability_id VCID-ktf5-mwef-abgt
summary snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24791
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06308
published_at 2026-06-11T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06319
published_at 2026-06-13T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.0633
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24791
1
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snowflakedb/snowflake-connector-nodejs
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24791
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24791
3
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs/commit/89731b3a4d61a75b721d13d4e47a7a3712ffa45f
reference_id 89731b3a4d61a75b721d13d4e47a7a3712ffa45f
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:08:41Z/
url https://github.com/snowflakedb/snowflake-connector-nodejs/commit/89731b3a4d61a75b721d13d4e47a7a3712ffa45f
4
reference_url https://github.com/advisories/GHSA-xfhv-wqj6-rx99
reference_id GHSA-xfhv-wqj6-rx99
reference_type
scores
url https://github.com/advisories/GHSA-xfhv-wqj6-rx99
5
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-xfhv-wqj6-rx99
reference_id GHSA-xfhv-wqj6-rx99
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:08:41Z/
url https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-xfhv-wqj6-rx99
fixed_packages
0
url pkg:npm/snowflake-sdk@2.0.2
purl pkg:npm/snowflake-sdk@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.2
aliases CVE-2025-24791, GHSA-xfhv-wqj6-rx99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktf5-mwef-abgt
1
url VCID-t8zh-z4zt-syc3
vulnerability_id VCID-t8zh-z4zt-syc3
summary snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 and before 2.0.4 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and macOS, the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 2.0.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46328
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08288
published_at 2026-06-11T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.08326
published_at 2026-06-13T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.08325
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46328
1
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/snowflakedb/snowflake-connector-nodejs
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46328
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46328
3
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs/commit/e94c24112271e1f44c271634bf29a3188acc68d0
reference_id e94c24112271e1f44c271634bf29a3188acc68d0
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:41:05Z/
url https://github.com/snowflakedb/snowflake-connector-nodejs/commit/e94c24112271e1f44c271634bf29a3188acc68d0
4
reference_url https://github.com/advisories/GHSA-wmjq-jrm2-9wfr
reference_id GHSA-wmjq-jrm2-9wfr
reference_type
scores
url https://github.com/advisories/GHSA-wmjq-jrm2-9wfr
5
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-wmjq-jrm2-9wfr
reference_id GHSA-wmjq-jrm2-9wfr
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:41:05Z/
url https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-wmjq-jrm2-9wfr
fixed_packages
0
url pkg:npm/snowflake-sdk@2.0.4
purl pkg:npm/snowflake-sdk@2.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.4
aliases CVE-2025-46328, GHSA-wmjq-jrm2-9wfr
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8zh-z4zt-syc3
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.0