VYPR

Pgadmin4

by Pgadmin.org

pypi: pgadmin4


CVEs (33)

  • CVE-2025-12765 (Nov 13, 2025)
    risk 0.00 | cvss | epss 0.00

    pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification.

  • CVE-2025-12764 (Nov 13, 2025)
    risk 0.00 | cvss | epss 0.00

    pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data, resulting in a denial of service (DoS).

  • CVE-2025-12763 (Nov 13, 2025)
    risk 0.00 | cvss | epss 0.01

    pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path…

  • CVE-2025-12762 (Nov 13, 2025)
    risk 0.00 | cvss | epss 0.12

    pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting…

  • CVE-2025-9636 (Sep 4, 2025)
    risk 0.00 | cvss | epss 0.00

    pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

  • CVE-2025-2946 (Apr 3, 2025)
    risk 0.00 | cvss | epss 0.00

    pgAdmin <= 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability. If attackers get arbitrary HTML/JavaScript into query result rendering, that HTML/JavaScript runs in the user's browser.

  • CVE-2025-2945 (Apr 3, 2025)
    risk 0.00 | cvss | epss 0.39

    Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the…

  • CVE-2023-1907 (Jan 9, 2025)
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in pgAdmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

  • CVE-2024-6238 (Jun 25, 2024)
    risk 0.00 | cvss | epss 0.00

    pgAdmin <= 8.8 has an installation directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms.

  • CVE-2024-4216 (May 2, 2024)
    risk 0.00 | cvss | epss 0.00

    pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious scripts on the client side.

  • CVE-2024-4215 (May 2, 2024)
    risk 0.00 | cvss | epss 0.01

    pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such…

  • CVE-2023-5002 (Sep 22, 2023)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API,…

  • CVE-2023-22298 (Jan 17, 2023)
    risk 0.00 | cvss | epss 0.01

    Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
