VYPR

Pgx

by Jackc

CVEs (4)

  • CVE-2026-41889 | Critical | May 8, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.00

    pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be interpreted as a…

  • CVE-2024-27304 | Critical | Mar 6, 2024
    risk 0.57 | CVSS 9.8 | EPSS 0.01

    pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the…

  • CVE-2026-32286 | High | Mar 26, 2026
    risk 0.49 | CVSS 7.5 | EPSS 0.00

    The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

  • CVE-2024-27289 | High | Mar 6, 2024
    risk 0.46 | CVSS 8.1 | EPSS 0.01

    pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a…