pgadmin.org — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting pgadmin.org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

pgadmin.org serves as the primary open-source administration and development platform for PostgreSQL databases, enabling users to manage database objects, query data, and administer servers through a web interface. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure session management. While no major public security incidents have been widely documented, the 15 recorded CVEs highlight persistent security concerns, particularly in areas like authentication bypass and SQL injection. The application's web-based architecture and extensive feature set create multiple attack surfaces, necessitating regular security updates and careful configuration to mitigate risks.

Top products by pgadmin.org: pgAdmin 4

| CVE ID | Title | Product | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-7820 | pgAdmin 4: Account-lockout bypass via Flask-Security default /login view | pgAdmin 4 | 6.5 | Medium | 2026-05-11 |
| CVE-2026-7819 | pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write | pgAdmin 4 | 8.1 | High | 2026-05-11 |
| CVE-2026-7818 | pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution | pgAdmin 4 | 7.0 | High | 2026-05-11 |
| CVE-2026-7816 | pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout | pgAdmin 4 | 8.8 | High | 2026-05-11 |
| CVE-2026-7817 | pgAdmin 4: Local file inclusion and server-side request forgery in LLM API configuration endpoints | pgAdmin 4 | 6.5 | Medium | 2026-05-11 |
| CVE-2026-7815 | pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution | pgAdmin 4 | 8.8 | High | 2026-05-11 |
| CVE-2026-7814 | pgAdmin 4: Stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer | pgAdmin 4 | 4.8 | Medium | 2026-05-11 |
| CVE-2026-7813 | pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode | pgAdmin 4 | 9.9 | Critical | 2026-05-11 |
| CVE-2026-1707 | Restore restriction bypass via key disclosure vulnerability (pgAdmin 4) | pgAdmin 4 | 7.4 | High | 2026-02-05 |
| CVE-2025-13780 | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) | pgAdmin 4 | 9.1 | Critical | 2025-12-11 |
| CVE-2025-12765 | pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass | pgAdmin 4 | 7.5 | High | 2025-11-13 |
| CVE-2025-12764 | pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow | pgAdmin 4 | 7.5 | High | 2025-11-13 |
| CVE-2025-12763 | Command injection vulnerability allowing arbitrary command execution on Windows | pgAdmin 4 | 6.8 | Medium | 2025-11-13 |
| CVE-2025-12762 | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) | pgAdmin 4 | 9.1 | Critical | 2025-11-13 |
| CVE-2025-9636 | Cross-Origin Opener Policy Vulnerability in pgAdmin 4 | pgAdmin 4 | 7.9 | High | 2025-09-04 |
| CVE-2025-2946 | Cross-Site Scripting (XSS) vulnerability: arbitrary HTML/JavaScript gets executed while rendering query results in the Query Tool and View/Edit Data Tool of pgAdmin 4 | pgAdmin 4 | 9.1 | Critical | 2025-04-03 |
| CVE-2025-2945 | pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment | pgAdmin 4 | 9.9 | Critical | 2025-04-03 |
| CVE-2024-9014 | OAuth2 client id and secret exposed through the web browser in pgAdmin 4 | pgAdmin 4 | 9.9 | Critical | 2024-09-23 |
| CVE-2024-6238 | pgAdmin 4 Installation Directory permission issue | pgAdmin 4 | 7.4 | High | 2024-06-25 |
| CVE-2024-4216 | XSS vulnerability in /settings/store API response JSON payload in pgAdmin 4 | pgAdmin 4 | 7.4 | High | 2024-05-02 |
| CVE-2024-4215 | Multi-Factor Authentication bypass vulnerability in pgAdmin 4 | pgAdmin 4 | 7.4 | High | 2024-05-02 |
| CVE-2024-3116 | Remote Code Execution vulnerability through the validate binary path API in pgAdmin 4 | pgAdmin 4 | 7.4 | High | 2024-04-04 |
| CVE-2024-2044 | Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4 | pgAdmin 4 | 9.9 | Critical | 2024-03-07 |

This page lists every published CVE security advisory associated with pgadmin.org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.