rpm package
suse/pgadmin4&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-12765 | Hig | 7.5 | < 4.30-150300.3.21.1 | 4.30-150300.3.21.1 | Nov 13, 2025 | pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification. | |
| CVE-2025-12764 | Hig | 7.5 | < 4.30-150300.3.21.1 | 4.30-150300.3.21.1 | Nov 13, 2025 | pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS. | |
| CVE-2025-9636 | Hig | 7.9 | < 4.30-150300.3.24.1 | 4.30-150300.3.24.1 | Sep 4, 2025 | pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation. | |
| CVE-2025-27152 | Med | 5.3 | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | Mar 7, 2025 | axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka | |
| CVE-2023-1907 | Hig | 8.0 | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | Jan 9, 2025 | A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. | |
| CVE-2024-4068 | Hig | 7.5 | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | May 14, 2024 | The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program |
- affected < 4.30-150300.3.21.1fixed 4.30-150300.3.21.1
pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.
- affected < 4.30-150300.3.21.1fixed 4.30-150300.3.21.1
pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.
- affected < 4.30-150300.3.24.1fixed 4.30-150300.3.24.1
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.
- affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka
- affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
- affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program