sqlite

63 known vulnerabilities across versions
Vulnerabilities are listed by affected version range, with the CVSS score and severity where one is recorded. Descriptions are truncated as published on this page.
CVE-2025-70873 (affected: < 3.51.1; CVSS 7.5 HIGH)
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attac

CVE-2025-7458 (affected: >= 3.39.2 and < 3.41.2; CVSS 9.1 CRITICAL)
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with th

CVE-2025-6965 (affected: < 3.50.2; CVSS 9.8 CRITICAL)
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of colum

CVE-2025-3277 (affected: >= 3.44.0 and < 3.49.1; CVSS 9.8 CRITICAL)
An integer overflow can be triggered in SQLite’s concat_ws() function. The resulting, truncated integer is then used to alloca

CVE-2025-29088 (affected: all versions; CVSS 5.6 MEDIUM)
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service

CVE-2025-29087 (affected: >= 3.44.0 and < 3.49.1; CVSS 3.2 LOW)
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a mal

CVE-2024-0232 (affected: >= 3.43.0 and < 3.43.2; CVSS 4.7 MEDIUM)
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a

CVE-2023-7104 (affected: <= 3.43.0; CVSS 5.5 MEDIUM)
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRe

CVE-2021-31239 (affected: all versions; CVSS 7.5 HIGH)
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.

CVE-2022-46908 (affected: >= 3.37.0 and < 3.40.1; CVSS 7.3 HIGH)
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibit

CVE-2020-35527 (affected: all versions; CVSS 9.8 CRITICAL)
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

CVE-2020-35525 (affected: all versions; CVSS 7.5 HIGH)
In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing.

CVE-2022-35737 (affected: >= 1.0.12 and < 3.39.2; CVSS 7.5 HIGH)
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string arg

CVE-2021-45346 (affected: all versions; CVSS 4.3 MEDIUM)
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editi

CVE-2021-36690 (affected: all versions; CVSS 7.5 HIGH)
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when th

CVE-2021-20227 (affected: >= 3.33.0 and < 3.34.1; CVSS 5.5 MEDIUM)
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL

CVE-2020-15358 (affected: < 3.32.3; CVSS 5.5 MEDIUM)
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because o

CVE-2020-13871 (affected: all versions; CVSS 7.5 HIGH)
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late

CVE-2020-13632 (affected: < 3.32.0; CVSS 5.5 MEDIUM)
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

CVE-2020-13631 (affected: < 3.32.0; CVSS 5.5 MEDIUM)
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

CVE-2020-13630 (affected: < 3.32.0; CVSS 7.0 HIGH)
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

CVE-2020-13435 (affected: <= 3.32.0; CVSS 5.5 MEDIUM)
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

CVE-2020-13434 (affected: <= 3.32.0; CVSS 5.5 MEDIUM)
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

CVE-2020-11656 (affected: <= 3.31.1; CVSS 9.8 CRITICAL)
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs

CVE-2020-11655 (affected: <= 3.31.1; CVSS 7.5 HIGH)
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query bec

CVE-2020-9327 (affected: all versions; CVSS 7.5 HIGH)
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of

CVE-2019-19959 (affected: all versions; CVSS 7.5 HIGH)
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in fil

CVE-2019-20218 (affected: all versions; CVSS 7.5 HIGH)
selectExpander in select.c in SQLite 3.30.1 proceeds with stack unwinding even after a parsing error.

CVE-2019-19925 (affected: all versions; CVSS 7.5 HIGH)
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

CVE-2019-19924 (affected: all versions; CVSS 5.3 MEDIUM)
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sq

CVE-2019-19923 (affected: all versions; CVSS 7.5 HIGH)
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-h

CVE-2019-19926 (affected: all versions; CVSS 7.5 HIGH)
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRew

CVE-2019-19880 (affected: all versions; CVSS 7.5 HIGH)
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant intege

CVE-2019-19646 (affected: <= 3.30.1; CVSS 9.8 CRITICAL)
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

CVE-2019-19603 (affected: all versions; CVSS 7.5 HIGH)
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

CVE-2019-19645 (affected: <= 3.30.1; CVSS 5.5 MEDIUM)
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in con

CVE-2019-19317 (affected: all versions; CVSS 9.8 CRITICAL)
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attac

CVE-2019-19242 (affected: all versions; CVSS 5.9 MEDIUM)
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

CVE-2019-19244 (affected: all versions; CVSS 7.5 HIGH)
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has ce

CVE-2019-16168 (affected: >= 3.8.5 and <= 3.29.0; CVSS 6.5 MEDIUM)
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validati

CVE-2019-8457 (affected: >= 3.6.0 and <= 3.27.2; CVSS 9.8 CRITICAL)
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling inval

CVE-2019-5018 (affected: all versions; CVSS 8.1 HIGH)
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL

CVE-2018-20506 (affected: < 3.25.3; CVSS 8.1 HIGH)
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3

CVE-2018-20505 (affected: <= 3.25.2; CVSS 7.5 HIGH)
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service

CVE-2019-9937 (affected: all versions; CVSS 7.5 HIGH)
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Der

CVE-2019-9936 (affected: all versions; CVSS 7.5 HIGH)
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySor

CVE-2018-20346 (affected: < 3.25.3; CVSS 8.1 HIGH)
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3

CVE-2018-8740 (affected: <= 3.22.0; CVSS 7.5 HIGH)
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer derefer

CVE-2017-15286 (affected: all versions; CVSS 7.5 HIGH)
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlit

CVE-2017-13685 (affected: all versions; CVSS 5.5 MEDIUM)
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application c

CVE-2017-10989 (affected: <= 3.19.3; CVSS 9.8 CRITICAL)
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized

CVE-2016-6153 (affected: <= 3.12.2; CVSS 5.9 MEDIUM)
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to

CVE-2015-6607 (affected: <= 3.8.8.3)
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka in

CVE-2015-5895 (affected: <= 3.8.10.1)
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vect

CVE-2013-7443 (affected: all versions)
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via cra

CVE-2015-3717 (affected: < 3.8.9)
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow re

CVE-2015-3416 (affected: <= 3.8.8.3)
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floatin

CVE-2015-3415 (affected: <= 3.8.8.3)
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows conte

CVE-2015-3414 (affected: <= 3.8.8.3)
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attacker

CVE-2008-6593 (affected: all versions)
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject

CVE-2008-6592 (affected: all versions)
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attacke

CVE-2008-6590 (affected: all versions)
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2

CVE-2008-6589 (affected: all versions)
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite vers
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin