Critical severity9.8NVD Advisory· Published Apr 7, 2026· Updated May 21, 2026
CVE-2026-33815
CVE-2026-33815
Description
Memory-safety vulnerability in github.com/jackc/pgx/v5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/jackc/pgx/v5/pgproto3Go | < 5.9.0 | 5.9.0 |
Affected products
6- cpe:2.3:a:pgx_project:pgx:*:*:*:*:*:go:*:*
- osv-coords5 versionspkg:apk/chainguard/gitaly-18.11pkg:apk/chainguard/teleport-18.6pkg:apk/wolfi/gitaly-18.11pkg:apk/wolfi/teleport-18.6pkg:golang/github.com/jackc/pgx/v5/pgproto3
< 18.11.6-r1+ 4 more
- (no CPE)range: < 18.11.6-r1
- (no CPE)range: < 18.6.8-r22
- (no CPE)range: < 18.11.6-r1
- (no CPE)range: < 18.6.8-r22
- (no CPE)range: < 5.9.0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-xgrm-4fwx-7qm8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33815ghsaADVISORY
- pkg.go.dev/vuln/GO-2026-4771nvdThird Party AdvisoryWEB
- github.com/jackc/pgx/v5ghsaPACKAGE
- github.com/jackc/pgx/commit/6dbad4cafdb8a4daab7ff79c858c95da4b6109e8ghsaWEB
- github.com/jackc/pgx/issues/2519ghsaWEB
- github.com/jackc/pgx/issues/2530ghsaWEB
News mentions
0No linked articles in our index yet.