VYPR

Postgres

by PostgreSQL

CVEs (7)

  • CVE-2025-1094 | Hig | Feb 13, 2025
    risk 0.62 | cvss 8.1 | epss 0.89

    Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires…

  • CVE-2026-6637 | Hig | May 14, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary…

  • CVE-2026-6477 | Hig | May 14, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(...,…

  • CVE-2026-6473 | Hig | May 14, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass…

  • CVE-2026-6575 | Med | May 14, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor…

  • CVE-2025-12817 | Low | Nov 13, 2025
    risk 0.20 | cvss 3.1 | epss 0.00

    Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then…

  • CVE-2025-22248 | May 13, 2025
    risk 0.00 | cvss | epss 0.00

    The bitnami/pgpool Docker image and the bitnami/postgres-ha k8s chart, under default configurations, come with a 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform…