Sqlite CVE Vulnerabilities & CVE List (65)

Products (CPE): — CVEs: 65

Sqlite vulnerability overview

Aggregates CVE and security vulnerability intelligence across all Sqlite-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface data access scenarios.

Vulnerability distribution trend (last 24 months)

Showing 2140 of 65 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-13632 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. [email protected] 5.5 0.57% 2020-05-27 2026-06-16
CVE-2020-13631 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. [email protected] 5.5 0.62% 2020-05-27 2026-06-16
CVE-2020-13630 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. [email protected] 7.0 1.03% 2020-05-27 2026-06-16
CVE-2020-13435 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. [email protected] 5.5 0.64% 2020-05-24 2026-06-16
CVE-2020-13434 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. [email protected] 5.5 1.01% 2020-05-24 2026-06-16
CVE-2020-11656 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. [email protected] 9.8 7.41% 2020-04-08 2026-06-16
CVE-2020-11655 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. [email protected] 7.5 4.86% 2020-04-08 2026-06-16
CVE-2020-9327 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. [email protected] 7.5 3.68% 2020-02-21 2026-06-16
CVE-2019-19959 ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. [email protected] 7.5 3.24% 2020-01-03 2026-06-16
CVE-2019-20218 selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. [email protected] 7.5 3.62% 2020-01-02 2026-06-16
CVE-2019-19925 zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. [email protected] 7.5 6.81% 2019-12-24 2026-06-16
CVE-2019-19924 SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. [email protected] 5.3 7.86% 2019-12-24 2026-06-16
CVE-2019-19923 flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). [email protected] 7.5 6.81% 2019-12-24 2026-06-16
CVE-2019-19926 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. [email protected] 7.5 7.00% 2019-12-22 2026-06-16
CVE-2019-19880 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. [email protected] 7.5 6.94% 2019-12-18 2026-06-16
CVE-2019-19646 pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. [email protected] 9.8 5.38% 2019-12-09 2026-06-16
CVE-2019-19603 SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. [email protected] 7.5 8.25% 2019-12-09 2026-06-16
CVE-2019-19645 alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. [email protected] 5.5 0.57% 2019-12-09 2026-06-16
CVE-2019-19317 lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. [email protected] 9.8 4.28% 2019-12-05 2026-06-16
CVE-2019-19242 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. [email protected] 5.9 2.54% 2019-11-27 2026-06-16
cvelogic Threat Intelligence