ClickHouse Response to the Axios npm Supply Chain Compromise

Trust center

Start your security review

View & download sensitive information

Ask for information

Overview

Welcome to ClickHouse's Trust center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust center to learn about our security posture and request access to our security documentation.

Compliance

Documents

DOCUMENTSBYOC shared responsibility model

DOCUMENTSClickHouse 2025 Non Resident Tax Form

DOCUMENTSClickHouse W9

DOCUMENTSData processing locations

DOCUMENTSForm 10F

DOCUMENTSNo PE Form - India

DOCUMENTSSecurity cloud responsibility matrix

REPORTSPCI DSS - SAQ A

REPORTSPentest report

REPORTSVulnerability assessment report

COMPLIANCEHIPAA

COMPLIANCEISO/IEC 27001

Risk profile

Data access levelRestricted

Impact levelModerate

Critical dependenceYes

Product security

Audit logging

Data security

Integrations

Reports

PCI DSS - SAQ A

Pentest report

Vulnerability assessment report

Data security

Access monitoring

Data erasure

Data Masking

App security

Responsible disclosure

Bot detection

Secure development training

Legal

Acceptable Use Policy

ClickHouse Security Standards

Data Processing Addendum

Data privacy

Data breach notifications

Employee privacy training

Access control

Data access

Logging

Password security

Infrastructure

Status monitoring

Amazon Web Services

Anti-DDoS

Endpoint security

Disk encryption

Endpoint detection and response

Mobile device management

Network security

IDS/IPS

Security information and event management

Virtual private cloud

Corporate security

Employee training

HR security

Incident Response

Internal Policies

Data classification policy

Information security policy

Operations security policy

Security Grades

Qualys SSL Labs

clickhouse.cloud

A+

BC/DR

Data backup/backup protection

High availability

Knowledge Base (FAQ)

Federal: Is there a ClickHouse version that is secured for US Federal compliance?

Trust center Updates

ClickHouse Response to the Axios npm Supply Chain Compromise

Copy link

Vulnerabilities

ClickHouse Cloud is not impacted by the recently disclosed supply chain attack against the Axios npm package (axios@1.14.1 and axios@0.30.4), in which a compromised maintainer account was used to publish backdoored versions containing a cross-platform remote access trojan (RAT). No action is required by our customers.

ClickHouse Response to React (CVE-2025-55182) and Next.js (CVE-2025-66478) vulnerabilities

Copy link

Vulnerabilities

ClickHouse Cloud is not impacted by the recently published vulnerabilities affecting React (CVE-2025-55182) and Next.js (CVE-2025-66478). Our security team has completed a thorough investigation and confirmed that our platform does not utilize the specific React Server Components (RSC) configurations required for exploitation. No action is required by our customers.

ClickHouse Response to Shai-Hulud 2.0 Supply Chain Attacks

Copy link

Vulnerabilities

ClickHouse is not affected by the Shai-Hulud 2.0 npm supply chain attack. Our security team has audited our software supply chain and confirmed that our products and infrastructure remain secure. We continue to monitor the situation to ensure ongoing protection for our customers.

If you think you may have discovered a vulnerability, please send us a note.

Report issue