VYPR

Vendor CVEs

PostgreSQL

All CVEs

187 total · sorted by risk
  • CVE-2017-7546CriAug 16, 2017
    risk 0.69cvss 9.8epss 0.62

    PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

  • CVE-2025-1094HigFeb 13, 2025
    risk 0.62cvss 8.1epss 0.89

    Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires…

  • CVE-2018-1115CriMay 10, 2018
    risk 0.59cvss 9.1epss 0.04

    postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to…

  • CVE-2016-3065CriApr 11, 2016
    risk 0.59cvss 9.1epss 0.03

    The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service…

  • CVE-2018-1058HigMar 2, 2018
    risk 0.58cvss 8.8epss 0.14

    A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

  • CVE-2017-7547HigAug 16, 2017
    risk 0.58cvss 8.8epss 0.06

    PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

  • CVE-2016-0766HigFeb 17, 2016
    risk 0.58cvss 8.8epss 0.04

    PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

  • CVE-2026-6637HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary…

  • CVE-2026-6477HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(...,…

  • CVE-2026-6473HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass…

  • CVE-2025-8715HigAug 14, 2025
    risk 0.57cvss 8.8epss 0.00

    Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object…

  • CVE-2025-8714HigAug 14, 2025
    risk 0.57cvss 8.8epss 0.01

    Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. …

  • CVE-2018-10915HigAug 9, 2018
    risk 0.56cvss 8.5epss 0.05

    A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could…

  • CVE-2016-5423HigDec 9, 2016
    risk 0.54cvss 8.3epss 0.06

    PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute…

  • CVE-2016-7048HigAug 20, 2018
    risk 0.53cvss 8.1epss 0.05

    The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

  • CVE-2018-10925HigAug 9, 2018
    risk 0.53cvss 8.1epss 0.02

    It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read…

  • CVE-2017-15098HigNov 22, 2017
    risk 0.53cvss 8.1epss 0.04

    Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

  • CVE-2026-6475HigMay 14, 2026
    risk 0.50cvss 8.8epss 0.00

    Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands…

  • CVE-2026-42198HigApr 29, 2026
    risk 0.49cvss 7.5epss 0.00

    pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very…

  • CVE-2017-7548HigAug 16, 2017
    risk 0.49cvss 7.5epss 0.04

    PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

  • CVE-2016-0768HigJun 6, 2017
    risk 0.49cvss 7.5epss 0.01

    PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.

  • CVE-2017-7486HigMay 12, 2017
    risk 0.49cvss 7.5epss 0.06

    PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

  • CVE-2017-7484HigMay 12, 2017
    risk 0.49cvss 7.5epss 0.03

    It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information.…

  • CVE-2016-2193HigApr 11, 2016
    risk 0.49cvss 7.5epss 0.02

    PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

  • CVE-2016-0773HigFeb 17, 2016
    risk 0.49cvss 7.5epss 0.07

    PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

  • CVE-2002-1657HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.01

    PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

  • CVE-2016-5424HigDec 9, 2016
    risk 0.47cvss 7.1epss 0.05

    PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage…

  • CVE-2018-1053HigFeb 9, 2018
    risk 0.46cvss 7.0epss 0.00

    In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade,…

  • CVE-2026-9617MedMay 27, 2026
    risk 0.44cvss 6.8epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The…

  • CVE-2017-12172MedNov 22, 2017
    risk 0.44cvss 6.7epss 0.01

    PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account.…

  • CVE-2017-15099MedNov 22, 2017
    risk 0.43cvss 6.5epss 0.06

    INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT…

  • CVE-2026-6479HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions…

  • CVE-2018-1052MedFeb 9, 2018
    risk 0.42cvss 6.5epss 0.02

    Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.

  • CVE-2016-2192MedJun 6, 2017
    risk 0.42cvss 6.5epss 0.01

    PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.

  • CVE-2012-3489MedOct 3, 2012
    risk 0.42cvss 6.5epss 0.03

    The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file…

  • CVE-2026-6476HigMay 14, 2026
    risk 0.40cvss 7.2epss 0.00

    SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and…

  • CVE-2017-7485MedMay 12, 2017
    risk 0.39cvss 5.9epss 0.02

    In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this…

  • CVE-2025-12818MedNov 13, 2025
    risk 0.38cvss 5.9epss 0.00

    Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application…

  • CVE-2025-4207MedMay 8, 2025
    risk 0.38cvss 5.9epss 0.01

    Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL…

  • CVE-2017-8806MedNov 13, 2017
    risk 0.36cvss 5.5epss 0.00

    The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local…

  • CVE-2026-6478MedMay 14, 2026
    risk 0.35cvss 6.5epss 0.00

    Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases…

  • CVE-2026-6575MedMay 14, 2026
    risk 0.28cvss 4.3epss 0.00

    Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor…

  • CVE-2026-6472MedMay 14, 2026
    risk 0.28cvss 5.4epss 0.00

    Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. …

  • CVE-2026-6474MedMay 14, 2026
    risk 0.21cvss 4.3epss 0.00

    Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

  • CVE-2025-12817LowNov 13, 2025
    risk 0.20cvss 3.1epss 0.00

    Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then…

  • CVE-2025-8713LowAug 14, 2025
    risk 0.20cvss 3.1epss 0.00

    PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data…

  • CVE-2026-6638LowMay 14, 2026
    risk 0.17cvss 3.7epss 0.00

    SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major…

  • CVE-2019-9193Apr 1, 2019
    risk 0.10cvss epss 0.92

    In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused…

  • CVE-2013-1899Apr 4, 2013
    risk 0.07cvss epss 0.54

    Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary…

  • CVE-2007-3280Jun 19, 2007
    risk 0.05cvss epss 0.26

    The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by…

Page 1 of 4