postgresql
186 tracked vulnerabilities.
CVE-2026-6638
LOW
PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
May 14, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-6637
HIGH
PostgreSQL refint allows stack buffer overflow and SQL injection
May 14, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-6575
MEDIUM
PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array
May 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6479
HIGH
PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
May 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6478
MEDIUM
PostgreSQL discloses MD5-hashed passwords via covert timing channel
May 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-6477
HIGH
PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
May 14, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-6476
HIGH
PostgreSQL pg_createsubscriber allows SQL injection via subscription name
May 14, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-6475
HIGH
PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
May 14, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-6474
MEDIUM
PostgreSQL timeofday() can disclose portions of server memory
May 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6473
HIGH
PostgreSQL server undersizes allocations, via integer wraparound
May 14, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-6472
MEDIUM
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
May 14, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-42198
HIGH
pgjdbc 42.2.0 to before 42.7.11 - SCRAM Authentication Denial of Service
Apr 29, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2007
HIGH
PostgreSQL <18.1-18.0 - Buffer Overflow
Feb 12, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-2006
HIGH
PostgreSQL 14.0-14.20 - Remote Code Execution via Multibyte Character Length Mismanagement
Feb 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-2005
HIGH
PostgreSQL <18.2, 17.8, 16.12, 15.16, 14.21 - RCE
Feb 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-2004
HIGH
PostgreSQL <18.2, 17.8, 16.12, 15.16, 14.21 - RCE
Feb 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-2003
MEDIUM
PostgreSQL <18.2-14.21 - Info Disclosure
Feb 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-49146
HIGH
PostgreSQL JDBC Driver 42.7.4-42.7.6 - Improper Authentication via Channel Binding Bypass
Jun 11, 2025
CVSS 8.2
EPSS 0.00
CVE-2024-10979
HIGH
PostgreSQL <17.1-12.21 - Code Injection
Nov 14, 2024
CVSS 8.8
EPSS 0.07
CVE-2024-10978
MEDIUM
PostgreSQL <12.21,13.17,14.14,15.9,16.5,17.1 Privilege Assignment Flaw via SET ROLE/SESSION AUTHORIZATION
Nov 14, 2024
CVSS 4.2
EPSS 0.01
CVE-2024-10977
LOW
PostgreSQL < 12.21 - Data Authenticity Bypass
Nov 14, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-10976
MEDIUM
PostgreSQL 12.0-12.21 - Incorrect Row Security Policy Application via Query Reuse
Nov 14, 2024
CVSS 4.2
EPSS 0.01
CVE-2024-7348
HIGH
PostgreSQL 12.0-12.19 - Time-of-check Time-of-use Race Condition in pg_dump
Aug 08, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-4317
LOW
PostgreSQL 14.0-14.11 - Unauthenticated Missing Authorization in pg_stats_ext and pg_stats_ext_exprs Views
May 14, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-1597
CRITICAL
PostgreSQL JDBC Driver < 42.2.28 - SQL Injection via PreferQueryMode=SIMPLE
Feb 19, 2024
CVSS 10.0
EPSS 0.00