products / sqlite
SQLite
SQLite is an embedded SQL engine used inside applications, browsers, and mobile OSes. NVD tracks it as sqlite:sqlite. CVE volume is lower than client-server databases but includes real memory-safety defects.
api usage
Querying SQLite
product slug
sqliteversion format
3.39.1, 3.45.0bash
curl "https://api.attestd.io/v1/check?product=sqlite&version=3.39.1" \
-H "Authorization: Bearer $ATTESTD_KEY"Spot-check CVE-2022-35737 (out-of-bounds read).risk_state may be low or high depending on synthesis flags — verify live.
json
{
"product": "sqlite",
"version": "3.39.1",
"supported": true,
"risk_state": "high",
"risk_factors": ["patch_available"],
"actively_exploited": false,
"remote_exploitable": false,
"authentication_required": false,
"patch_available": true,
"fixed_version": "3.39.2",
"confidence": 0.80,
"cve_ids": ["CVE-2022-35737"],
"last_updated": "2026-04-03T00:00:00Z"
}cleaner line
Newer release
bash
curl "https://api.attestd.io/v1/check?product=sqlite&version=3.49.0" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
CVE-2022-35737 | Out-of-bounds read when a crafted query uses a long string. | 3.39.x | 7.5 |
CVE-2021-36690 | Use-after-free in ALTER TABLE paths. | 3.36.x | 7.3 |
CVE-2020-35527 | NULL pointer dereference via crafted SQL. | 3.31–3.33 | 7.5 |
CVE-2019-19646 | Authorization bypass when trusted schema is off. | 3.30.x | 9.8 |
CVE-2023-7104 | Memory safety / integer handling (verify NVD). | see NVD | 7.3 |
related