redshift-connector
PyPI3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting redshift-connectorpage 1 of 1
- CVE-2024-12745HIGHCVSS 8.0EG 8.0✓ Fixed in 2.1.52024-12-24
vulnerable: 2.1.4
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert…
- CVE-2025-5279HIGHCVSS 7.0EG 7.0✓ Fixed in 2.1.72025-05-27
vulnerable: 2.0.872 ... 2.1.6 (44 versions)
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to i…
- CVE-2026-8838CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.1.142026-05-18
vulnerable: 2.0.384 ... 2.1.9 (58 versions)
Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate thi…
Check whether redshift-connector is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for redshift-connector CVEs against the assets you own.
Start Free Scan →