trino vulnerabilities

Known vulnerabilities in the trino package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2025-48734	<475-r6
L GHSA-53wx-pr6q-m3j5	<475-r6
C External Control of File Name or Path	<475-r6
L GHSA-wxr5-93ph-8wr9	<475-r6
L CVE-2025-22871	<474-r2
L GHSA-g9pc-8g42-g6vq	<474-r2
L Information Exposure Through Log Files	<472-r0
M Loop with Unreachable Exit Condition ('Infinite Loop')	<472-r0
L CVE-2024-32888	<472-r0
L GHSA-qphf-w3cq-jpmx	<472-r0
M CVE-2024-6763	<472-r0
L GHSA-x3wm-hffr-chwm	<472-r0
L GHSA-qh8g-58pp-2wxh	<472-r0
L GHSA-q298-375f-5q63	<472-r0
L GHSA-r7pg-v2c8-mfg3	<472-r0
L Deserialization of Untrusted Data	<472-r0
L Deserialization of Untrusted Data	<472-r0
L GHSA-8355-xj3p-hv6q	<472-r0
L CVE-2024-57699	<471-r0
L GHSA-pq2g-wx69-c263	<471-r0
L Improper Input Validation	<470-r3
L GHSA-4g8c-wm8x-jfhw	<470-r3
L CVE-2024-45336	<469-r2
L GHSA-3f6r-qh9c-x6mm	<469-r2
L CVE-2024-34155	<469-r2
L CVE-2024-34156	<469-r2
L GHSA-7wrw-r4p8-38rx	<469-r2
L GHSA-crqm-pwhx-j97f	<469-r2
L GHSA-j7vj-rw65-4v26	<469-r2
L CVE-2024-45341	<469-r2
L CVE-2024-34158	<469-r2
L GHSA-8xfx-rj4p-23jm	<469-r2
L Untrusted Search Path	<472-r0
L GHSA-33g6-495w-v8j2	<472-r0
H Incorrect Conversion between Numeric Types	<469-r0
L GHSA-w33c-445m-f8w7	<469-r0
L GHSA-7hpq-3g6w-pvhf	<472-r0
L Incorrect Default Permissions	<472-r0
L CVE-2024-12798	<468-r1
L GHSA-pr98-23f8-jwxv	<468-r1
L CVE-2024-12801	<468-r1
L GHSA-6v67-2wr5-gvf4	<468-r1
L GHSA-xpw8-rcwv-8f8p	<464-r0
L CVE-2024-7254	<464-r0
L GHSA-735f-pc8j-v9w8	<464-r0
L GHSA-f686-hw9c-xw9c	<472-r0
L CVE-2024-43382	<472-r0
C XML External Entity (XXE) Injection	<453-r2
H Improper Initialization	<453-r2
L GHSA-fj2m-w3wv-x9pr	<453-r2
L GHSA-w7f5-jrpr-5c2m	<453-r2
L GHSA-5v8f-xx9m-wj44	<453-r1
H Missing Encryption of Sensitive Data	<453-r1
L GHSA-m5vv-6r4h-3vj9	<452-r0
M Race Condition	<452-r0
L GHSA-jhcr-hph9-g7wm	<449-r0
L GHSA-973x-65j7-xcf4	<449-r0
L CVE-2024-36114	<449-r0
C Deserialization of Untrusted Data	<449-r0
L GHSA-3832-9276-x7gf	<445-r0
M Improper Certificate Validation	<445-r0
L GHSA-9w38-p64v-xpmv	<444-r1
L Out-of-bounds Write	<444-r1
L Out-of-bounds Write	<444-r1
L GHSA-xjp4-hw94-mvp5	<444-r1
L GHSA-5jpm-x58v-624v	<444-r0
L CVE-2024-29025	<444-r0
L GHSA-cgwf-w82q-5jrr	<444-r0
H CVE-2024-23450	<444-r0
M CVE-2023-42503	<444-r0
L GHSA-w5gg-2q56-6h4f	<444-r0
L Missing Authorization	<443-r0
L GHSA-r978-9m6m-6gm6	<443-r0
L GHSA-g2fg-mr77-6vrm	<440-r0
H Resource Exhaustion	<440-r0
M File and Directory Information Exposure	<440-r0
L GHSA-vx85-mj8c-4qm6	<440-r0
M CVE-2020-13956	<440-r0
L GHSA-7r82-7xv7-xcpj	<440-r0
H Loop with Unreachable Exit Condition ('Infinite Loop')	<440-r0
L GHSA-rj7p-rfgp-852x	<440-r0
L GHSA-xfg6-62px-cxc2	<439-r2
C SQL Injection	<439-r2
L GHSA-24rp-q3w6-vc56	<439-r2
L GHSA-4265-ccf5-phj5	<439-r2
L GHSA-4g9r-vxhx-9pgx	<439-r2
M Loop with Unreachable Exit Condition ('Infinite Loop')	<439-r2
M Allocation of Resources Without Limits or Throttling	<439-r2
L GHSA-6phf-73q6-gh87	<439-r0
H Deserialization of Untrusted Data	<439-r0
L Incorrect Permission Assignment for Critical Resource	<439-r0
H CVE-2022-3510	<439-r0
M CVE-2021-22569	<439-r0
L GHSA-7g45-4rm6-3mm3	<439-r0
H CVE-2022-3509	<439-r0
L GHSA-g5ww-5jh7-63cx	<439-r0
L GHSA-wrvw-hg22-4m67	<439-r0
H CVE-2022-3171	<439-r0
L GHSA-h4h5-3hr4-j3g2	<439-r0
L GHSA-4gg5-vx3j-xwc7	<439-r0
H Files or Directories Accessible to External Parties	<439-r0
H Deserialization of Untrusted Data	<439-r0
L GHSA-5mg8-w23w-74h3	<439-r0
L GHSA-4jrv-ppp4-jm57	<439-r0
M CVE-2023-51074	<437-r0
L GHSA-pfh2-hfmq-phg5	<437-r0
L GHSA-xjhv-p3fv-x24r	<433-r1
L GHSA-vmq6-5m68-f53m	<434-r0
H Deserialization of Untrusted Data	<434-r0
H Directory Traversal	<433-r1

Vulnerability

Vulnerable Version

CVE-2025-48734

<475-r6

GHSA-53wx-pr6q-m3j5

<475-r6

External Control of File Name or Path

<475-r6

GHSA-wxr5-93ph-8wr9

<475-r6

CVE-2025-22871

<474-r2