Gosnowflake
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Gosnowflake.
By the Year
In 2026 there have been 0 vulnerabilities in Gosnowflake. Last year, in 2025 Gosnowflake had 1 security vulnerability published. Right now, Gosnowflake is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 8.80 |
It may take a day or so for new Gosnowflake vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gosnowflake Security Vulnerabilities
TOCTOU in Snowflake's gosnowflake Driver before 1.13.3 (Linux, macOS)
CVE-2025-46327
7 - High
- April 28, 2025
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 1.13.3.
TOCTTOU
gosnowflake <=1.6.18 RCE via SSO URL Command Injection
CVE-2023-34231
8.8 - High
- June 08, 2023
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the users local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gosnowflake or by Snowflake? Click the Watch button to subscribe.
