Sqlite

This hub aggregates every CVE we track for Sqlite, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Sqlite.

• CVE-2026-11824SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate7.8Jun 9, 2026
• CVE-2026-11822SQLite before 3.53.2 Memory Corruption in FTS5 Extension7.8Jun 9, 2026
• CVE-2025-70873An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.7.5Mar 12, 2026
• CVE-2025-7458SQLite integer overflow in key info allocation may lead to information disclosure.9.1Jul 29, 2025
• CVE-2025-6965Integer Truncation on SQLite9.8Jul 15, 2025
• CVE-2025-3277An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the bu...9.8Apr 14, 2025
• CVE-2025-29088In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64...5.6Apr 10, 2025
• CVE-2025-29087In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-control...3.2Apr 7, 2025
• CVE-2024-0232Sqlite: use-after-free bug in jsonparseaddnodearray4.7Jan 16, 2024
• CVE-2023-7104SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow5.5Dec 25, 2023
• CVE-2021-31239An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.7.5May 9, 2023
• CVE-2022-46908SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions ...7.3Dec 12, 2022
• CVE-2020-35527In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.9.8Sep 1, 2022
• CVE-2020-35525In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.7.5Sep 1, 2022
• CVE-2022-35737SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.7.5Aug 3, 2022