Go modules package
github.com/jackc/pgx/v5
pkg:golang/github.com/jackc/pgx/v5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41889 | Cri | 9.8 | < 5.9.2 | 5.9.2 | May 8, 2026 | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placehol | |
| CVE-2026-33816 | Cri | 9.8 | < 5.9.0 | 5.9.0 | Apr 7, 2026 | Memory-safety vulnerability in github.com/jackc/pgx/v5. | |
| CVE-2024-27304 | Cri | 9.8 | >= 5.0.0, < 5.5.4 | 5.5.4 | Mar 6, 2024 | pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the atta |
- affected < 5.9.2fixed 5.9.2
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placehol
- affected < 5.9.0fixed 5.9.0
Memory-safety vulnerability in github.com/jackc/pgx/v5.
- affected >= 5.0.0, < 5.5.4fixed 5.5.4
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the atta