Maven · repo1.maven.org
org.questdb:questdb
Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.
Why PkgRadar flagged 9.4.3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/cairo/map/RecordValueSinkFactory.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/cairo/RecordSinkFactory.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/std/datetime/microtime/MicrosFormatCompiler.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/std/BytecodeAssembler.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/griffin/engine/groupby/GroupByFunctionsUpdaterFactory.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/griffin/engine/orderby/RecordComparatorCompiler.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/std/datetime/nanotime/NanosFormatCompiler.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/std/datetime/millitime/DateFormatCompiler.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · io/questdb/griffin/RecordToRowCopierUtils.java |
| medium | Java Static Init Side Effect | Static-initializer block contains process/network/reflection — runs on first class load (contributory signal). · io/questdb/cutlass/http/HttpResponseSink.java |
| medium | Large Native Blob | 8059072 bytes · io/questdb/bin/linux-x86-64/libquestdbr.so |
| medium | Large Native Blob | 7252992 bytes · io/questdb/bin/windows-x86-64/questdbr.dll |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
9.4.3 | Review | 33 | 2026-06-15 |
Block this in CI
pkgradar gate --ecosystem maven org.questdb:[email protected]