Security: ClickHouse/ClickHouse
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
ClickHouse HTTP header CRLF injectionGHSA-8j36-9622-f5cj published
Apr 10, 2025 by santranciscoModerate -
CVE-2025-1385- Fail input validation in clickhouse-library-bridge API could lead to RCEGHSA-5phv-x8x4-83x5 published
Mar 20, 2025 by santranciscoHigh -
Specially crafted request could caused undefined behavior which may lead to Remote Code Execution.GHSA-432f-r822-j66f published
Aug 1, 2024 by santranciscoHigh -
Role-based Access Control is bypassed when query caching is enabled.GHSA-45h5-f7g3-gr8r published
Mar 18, 2024 by santranciscoLow -
Unauthenticated heap buffer overflow in Gorrila codec decompressionGHSA-5rmf-5g48-xv63 published
Dec 18, 2023 by santranciscoHigh -
Unauthenticated Integer underflow leading to stack overflow in FPC codec decompressionGHSA-qw9f-qv29-8938 published
Dec 18, 2023 by santranciscoModerate -
Heap buffer overflow in T64 codec decompressionGHSA-g22g-p6q2-x39v published
Dec 18, 2023 by santranciscoHigh