
PostgreSQL — Vulnerabilities & Security Advisories (83)

All 83 CVE vulnerabilities found in PostgreSQL, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known vulnerabilities, weaknesses, and security issues associated with the PostgreSQL database management system. It is a centralized resource for tracking security flaws specific to this widely used relational database, documenting risks across versions and configurations. The vulnerability types collected here include, among others, privilege escalation, cross-site scripting, SQL injection, and buffer overflows. The data spans a long historical range, from security advisories, patches, and disclosed exploits for the product's early releases up to the most recent versions, so it shows how security threats have evolved alongside the software's feature set and codebase. Administrators and security analysts can use it to track vendor-specific advisories, look up the product's vulnerability history, and understand the broader context of particular weakness classes within the PostgreSQL ecosystem, which in turn supports decisions about system updates, mitigation strategies, and compliance requirements without having to consolidate disparate sources by hand.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6638 | PostgreSQL REFRESH PUBLICATION allows SQL injection via table name | CWE-89 | 3.7 | Low | 2026-05-14 |
| CVE-2026-6637 | PostgreSQL refint allows stack buffer overflow and SQL injection | CWE-121 | 8.8 | High | 2026-05-14 |
| CVE-2026-6575 | PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array | CWE-126 | 4.3 | Medium | 2026-05-14 |
| CVE-2026-6479 | PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion | CWE-674 | 7.5 | High | 2026-05-14 |
| CVE-2026-6478 | PostgreSQL discloses MD5-hashed passwords via covert timing channel | CWE-385 | 6.5 | Medium | 2026-05-14 |
| CVE-2026-6477 | PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory | CWE-242 | 8.8 | High | 2026-05-14 |
| CVE-2026-6476 | PostgreSQL pg_createsubscriber allows SQL injection via subscription name | CWE-89 | 7.2 | High | 2026-05-14 |
| CVE-2026-6475 | PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice | CWE-61 | 8.8 | High | 2026-05-14 |
| CVE-2026-6474 | PostgreSQL timeofday() can disclose portions of server memory | CWE-134 | 4.3 | Medium | 2026-05-14 |
| CVE-2026-6473 | PostgreSQL server undersizes allocations, via integer wraparound | CWE-190 | 8.8 | High | 2026-05-14 |
| CVE-2026-6472 | PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege | CWE-862 | 5.4 | Medium | 2026-05-14 |
| CVE-2026-2007 | PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory | CWE-122 | 8.2 | High | 2026-02-12 |
| CVE-2026-2006 | PostgreSQL missing validation of multibyte character length executes arbitrary code | CWE-129 | 8.8 | High | 2026-02-12 |
| CVE-2026-2005 | PostgreSQL pgcrypto heap buffer overflow executes arbitrary code | CWE-122 | 8.8 | High | 2026-02-12 |
| CVE-2026-2004 | PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code | CWE-1287 | 8.8 | High | 2026-02-12 |
| CVE-2026-2003 | PostgreSQL oidvector discloses a few bytes of memory | CWE-1287 | 4.3 | Medium | 2026-02-12 |
| CVE-2025-12818 | PostgreSQL libpq undersizes allocations, via integer wraparound | CWE-190 | 5.9 | Medium | 2025-11-13 |
| CVE-2025-12817 | PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege | CWE-862 | 3.1 | Low | 2025-11-13 |
| CVE-2025-8715 | PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server | CWE-93 | 8.8 | High | 2025-08-14 |
| CVE-2025-8714 | PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client | CWE-829 | 8.8 | High | 2025-08-14 |
| CVE-2025-8713 | PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table | CWE-1230 | 3.1 | Low | 2025-08-14 |
| CVE-2025-4207 | PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation | CWE-126 | 5.9 | Medium | 2025-05-08 |
| CVE-2025-1094 | PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation | CWE-149 | 8.1 | High | 2025-02-13 |
| CVE-2024-10979 | PostgreSQL PL/Perl environment variable changes execute arbitrary code | CWE-15 | 8.8 | High | 2024-11-14 |
| CVE-2024-10978 | PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID | CWE-266 | 4.2 | Medium | 2024-11-14 |
| CVE-2024-10977 | PostgreSQL libpq retains an error message from man-in-the-middle | CWE-348 | 3.1 | Low | 2024-11-14 |
| CVE-2024-10976 | PostgreSQL row security below e.g. subqueries disregards user ID changes | CWE-1250 | 4.2 | Medium | 2024-11-14 |
| CVE-2024-7348 | PostgreSQL relation replacement during pg_dump executes arbitrary SQL | CWE-367 | 8.8 | High | 2024-08-08 |
| CVE-2024-4317 | PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks | CWE-862 | 3.1 | Low | 2024-05-09 |
| CVE-2024-0985 | PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL | CWE-271 | 8.0 | High | 2024-02-08 |

All 83 known CVE vulnerabilities affecting PostgreSQL with full Chinese analysis, references, and POCs where available.