
PostgreSQL — Vulnerabilities & Security Advisories (83)

All 83 CVE vulnerabilities found in PostgreSQL, with AI-generated Chinese analysis, references, and POCs.

This page aggregates the CVE vulnerabilities affecting the PostgreSQL database management system, developed by the PostgreSQL Global Development Group, with each entry classified by its Common Weakness Enumeration (CWE) identifier. It collects information on security flaws including, but not limited to, SQL injection, privilege escalation, denial of service conditions, and authentication bypasses. The data spans a broad historical range, from early releases of the software through to the most recent updates, giving a complete view of the product's security evolution. Users can track vendor advisories to stay informed about critical patches and the mitigation strategies published by the official development community. The page also lets researchers study specific weakness classes in the context of PostgreSQL's architecture and examine how different versions have addressed similar security issues over time. By reviewing the product's vulnerability history, administrators can better assess legacy risk, prioritize patching for current deployments, and evaluate the overall security posture of their database infrastructure. This resource serves as a central reference for security professionals, developers, and system administrators who need to identify, analyze, and remediate security weaknesses associated with PostgreSQL without navigating fragmented information sources. The aggregated data also helps in benchmarking against industry standards and in understanding the frequency and severity of reported flaws in open-source relational database systems.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6638 | PostgreSQL REFRESH PUBLICATION allows SQL injection via table name | CWE-89 | 3.7 | Low | 2026-05-14 |
| CVE-2026-6637 | PostgreSQL refint allows stack buffer overflow and SQL injection | CWE-121 | 8.8 | High | 2026-05-14 |
| CVE-2026-6575 | PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array | CWE-126 | 4.3 | Medium | 2026-05-14 |
| CVE-2026-6479 | PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion | CWE-674 | 7.5 | High | 2026-05-14 |
| CVE-2026-6478 | PostgreSQL discloses MD5-hashed passwords via covert timing channel | CWE-385 | 6.5 | Medium | 2026-05-14 |
| CVE-2026-6477 | PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory | CWE-242 | 8.8 | High | 2026-05-14 |
| CVE-2026-6476 | PostgreSQL pg_createsubscriber allows SQL injection via subscription name | CWE-89 | 7.2 | High | 2026-05-14 |
| CVE-2026-6475 | PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice | CWE-61 | 8.8 | High | 2026-05-14 |
| CVE-2026-6474 | PostgreSQL timeofday() can disclose portions of server memory | CWE-134 | 4.3 | Medium | 2026-05-14 |
| CVE-2026-6473 | PostgreSQL server undersizes allocations, via integer wraparound | CWE-190 | 8.8 | High | 2026-05-14 |
| CVE-2026-6472 | PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege | CWE-862 | 5.4 | Medium | 2026-05-14 |
| CVE-2026-2007 | PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory | CWE-122 | 8.2 | High | 2026-02-12 |
| CVE-2026-2006 | PostgreSQL missing validation of multibyte character length executes arbitrary code | CWE-129 | 8.8 | High | 2026-02-12 |
| CVE-2026-2005 | PostgreSQL pgcrypto heap buffer overflow executes arbitrary code | CWE-122 | 8.8 | High | 2026-02-12 |
| CVE-2026-2004 | PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code | CWE-1287 | 8.8 | High | 2026-02-12 |
| CVE-2026-2003 | PostgreSQL oidvector discloses a few bytes of memory | CWE-1287 | 4.3 | Medium | 2026-02-12 |
| CVE-2025-12818 | PostgreSQL libpq undersizes allocations, via integer wraparound | CWE-190 | 5.9 | Medium | 2025-11-13 |
| CVE-2025-12817 | PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege | CWE-862 | 3.1 | Low | 2025-11-13 |
| CVE-2025-8715 | PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server | CWE-93 | 8.8 | High | 2025-08-14 |
| CVE-2025-8714 | PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client | CWE-829 | 8.8 | High | 2025-08-14 |
| CVE-2025-8713 | PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table | CWE-1230 | 3.1 | Low | 2025-08-14 |
| CVE-2025-4207 | PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation | CWE-126 | 5.9 | Medium | 2025-05-08 |
| CVE-2025-1094 | PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation | CWE-149 | 8.1 | High | 2025-02-13 |
| CVE-2024-10979 | PostgreSQL PL/Perl environment variable changes execute arbitrary code | CWE-15 | 8.8 | High | 2024-11-14 |
| CVE-2024-10978 | PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID | CWE-266 | 4.2 | Medium | 2024-11-14 |
| CVE-2024-10977 | PostgreSQL libpq retains an error message from man-in-the-middle | CWE-348 | 3.1 | Low | 2024-11-14 |
| CVE-2024-10976 | PostgreSQL row security below e.g. subqueries disregards user ID changes | CWE-1250 | 4.2 | Medium | 2024-11-14 |
| CVE-2024-7348 | PostgreSQL relation replacement during pg_dump executes arbitrary SQL | CWE-367 | 8.8 | High | 2024-08-08 |
| CVE-2024-4317 | PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks | CWE-862 | 3.1 | Low | 2024-05-09 |
| CVE-2024-0985 | PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL | CWE-271 | 8.0 | High | 2024-02-08 |
