snowplow CVE Vulnerabilities & Metrics

Focus on snowplow vulnerabilities and metrics.

Last updated: 18 May 2025, 22:25 UTC

About snowplow Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with snowplow. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total snowplow CVEs: 5
Earliest CVE date: 03 Apr 2025, 21:15 UTC
Latest CVE date: 03 Apr 2025, 21:15 UTC

Latest CVE reference: CVE-2024-56528

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical snowplow CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS snowplow CVEs

These are the five CVEs with the highest CVSS scores for snowplow, sorted by severity first and recency.

CVE-2024-56528 snowplow Published on 03 Apr 2025, 21:15 UTC (CVSS: 0)
This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.
CVE-2024-47215 snowplow Published on 03 Apr 2025, 21:15 UTC (CVSS: 0)
An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput).
CVE-2024-47214 snowplow Published on 03 Apr 2025, 21:15 UTC (CVSS: 0)
An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
CVE-2024-47213 snowplow Published on 03 Apr 2025, 21:15 UTC (CVSS: 0)
An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.
CVE-2024-47212 snowplow Published on 03 Apr 2025, 21:15 UTC (CVSS: 0)
An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.

All CVEs for snowplow

CVE-2024-56528 snowplow vulnerability CVSS: 0 03 Apr 2025, 21:15 UTC

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.

CVE-2024-47215 snowplow vulnerability CVSS: 0 03 Apr 2025, 21:15 UTC

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput).

CVE-2024-47214 snowplow vulnerability CVSS: 0 03 Apr 2025, 21:15 UTC

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.

CVE-2024-47213 snowplow vulnerability CVSS: 0 03 Apr 2025, 21:15 UTC

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.

CVE-2024-47212 snowplow vulnerability CVSS: 0 03 Apr 2025, 21:15 UTC

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.