rpm package
suse/pgadmin4&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-12765 | — | < 4.30-150300.3.21.1 | 4.30-150300.3.21.1 | Nov 13, 2025 | pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification. | ||
| CVE-2025-12764 | — | < 4.30-150300.3.21.1 | 4.30-150300.3.21.1 | Nov 13, 2025 | pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS. | ||
| CVE-2025-9636 | — | < 4.30-150300.3.24.1 | 4.30-150300.3.24.1 | Sep 4, 2025 | pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation. | ||
| CVE-2025-27152 | — | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | Mar 7, 2025 | axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka | ||
| CVE-2023-1907 | — | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | Jan 9, 2025 | A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. | ||
| CVE-2024-4068 | — | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | May 13, 2024 | The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program | ||
| CVE-2024-2044 | — | < 4.30-150300.3.12.1 | 4.30-150300.3.12.1 | Mar 7, 2024 | pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is |
- CVE-2025-12765Nov 13, 2025affected < 4.30-150300.3.21.1fixed 4.30-150300.3.21.1
pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.
- CVE-2025-12764Nov 13, 2025affected < 4.30-150300.3.21.1fixed 4.30-150300.3.21.1
pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.
- CVE-2025-9636Sep 4, 2025affected < 4.30-150300.3.24.1fixed 4.30-150300.3.24.1
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.
- CVE-2025-27152Mar 7, 2025affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka
- CVE-2023-1907Jan 9, 2025affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
- CVE-2024-4068May 13, 2024affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program
- CVE-2024-2044Mar 7, 2024affected < 4.30-150300.3.12.1fixed 4.30-150300.3.12.1
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is