Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/34062?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/34062?format=api", "purl": "pkg:pypi/snowflake-connector-python@2.2.1", "type": "pypi", "namespace": "", "name": "snowflake-connector-python", "version": "2.2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.13.1", "latest_non_vulnerable_version": "3.13.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110333?format=api", "vulnerability_id": "VCID-5x5x-gsmd-1fdk", "summary": "snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)\nAn exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36817", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36855", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36843", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36881", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36916", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42965" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/commit/b9d2fc789fae4db865dde3d2a1bd72c8a9eab091", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/commit/b9d2fc789fae4db865dde3d2a1bd72c8a9eab091" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/pull/1327", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/pull/1327" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v2.8.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v2.8.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42965", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42965" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185/", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:19:00Z/" } ], "url": "https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185/" }, { "reference_url": "https://github.com/advisories/GHSA-4r6j-fwcx-94cf", "reference_id": "GHSA-4r6j-fwcx-94cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4r6j-fwcx-94cf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34110?format=api", "purl": "pkg:pypi/snowflake-connector-python@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2amp-fxnp-43d1" }, { "vulnerability": "VCID-t3ct-ta9k-ybgg" }, { "vulnerability": "VCID-t413-ddph-dub6" }, { "vulnerability": "VCID-vwxy-7a1x-f3fr" }, { "vulnerability": "VCID-xwfz-x5xq-8keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/snowflake-connector-python@2.8.2" } ], "aliases": [ "CVE-2022-42965", "GHSA-4r6j-fwcx-94cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5x5x-gsmd-1fdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36460?format=api", "vulnerability_id": "VCID-t413-ddph-dub6", "summary": "The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56197", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68384", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68361", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68376", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34233" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2023-88.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2023-88.yaml" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/commit/1cdbd3b1403c5ef520d7f4d9614fe35165e101ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T19:38:23Z/" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/commit/1cdbd3b1403c5ef520d7f4d9614fe35165e101ac" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/pull/1480", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T19:38:23Z/" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/pull/1480" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5w5m-pfw9-c8fp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T19:38:23Z/" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5w5m-pfw9-c8fp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34233", "reference_id": "CVE-2023-34233", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34233" }, { "reference_url": "https://github.com/advisories/GHSA-5w5m-pfw9-c8fp", "reference_id": "GHSA-5w5m-pfw9-c8fp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5w5m-pfw9-c8fp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34115?format=api", "purl": "pkg:pypi/snowflake-connector-python@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2amp-fxnp-43d1" }, { "vulnerability": "VCID-t3ct-ta9k-ybgg" }, { "vulnerability": "VCID-vwxy-7a1x-f3fr" }, { "vulnerability": "VCID-xwfz-x5xq-8keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/snowflake-connector-python@3.0.2" } ], "aliases": [ "CVE-2023-34233", "GHSA-5w5m-pfw9-c8fp", "PYSEC-2023-88" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t413-ddph-dub6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36907?format=api", "vulnerability_id": "VCID-vwxy-7a1x-f3fr", "summary": "The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes the issue. In addition to upgrading, users should review their logs for any potentially sensitive information that may have been captured.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33109", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33071", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33053", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33085", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33123", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49750" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2024-191.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2024-191.yaml" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/commit/dbc9284a3c0382c131b971b35e8d6ab93c46f37a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T17:18:32Z/" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/commit/dbc9284a3c0382c131b971b35e8d6ab93c46f37a" }, { "reference_url": "https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5vvg-pvhp-hv2m", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T17:18:32Z/" } ], "url": "https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5vvg-pvhp-hv2m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49750", "reference_id": "CVE-2024-49750", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49750" }, { "reference_url": "https://github.com/advisories/GHSA-5vvg-pvhp-hv2m", "reference_id": "GHSA-5vvg-pvhp-hv2m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vvg-pvhp-hv2m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43747?format=api", "purl": "pkg:pypi/snowflake-connector-python@3.12.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2amp-fxnp-43d1" }, { "vulnerability": "VCID-t3ct-ta9k-ybgg" }, { "vulnerability": "VCID-xwfz-x5xq-8keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/snowflake-connector-python@3.12.3" } ], "aliases": [ "CVE-2024-49750", "GHSA-5vvg-pvhp-hv2m", "PYSEC-2024-191" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vwxy-7a1x-f3fr" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/snowflake-connector-python@2.2.1" }