pgadmin.org — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting pgadmin.org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

pgadmin.org serves as the primary open-source administration and development platform for PostgreSQL databases, enabling users to manage database objects, query data, and administer servers through a web interface. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure session management. While no major public security incidents have been widely documented, the 15 recorded CVEs highlight persistent security concerns, particularly in areas like authentication bypass and SQL injection. The application's web-based architecture and extensive feature set create multiple attack surfaces, necessitating regular security updates and careful configuration to mitigate risks.

Top products by pgadmin.org: pgAdmin 4
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1707 | Restore restriction bypass via key disclosure vulnerability (pgAdmin 4) — pgAdmin 4 | 7.4 | High | 2026-02-05 |
| CVE-2025-13780 | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) — pgAdmin 4 | 9.1 | Critical | 2025-12-11 |
| CVE-2025-12765 | pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass. — pgAdmin 4 | 7.5 | High | 2025-11-13 |
| CVE-2025-12764 | pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow. — pgAdmin 4 | 7.5 | High | 2025-11-13 |
| CVE-2025-12763 | Command injection vulnerability allowing arbitrary command execution on Windows — pgAdmin 4 | 6.8 | Medium | 2025-11-13 |
| CVE-2025-12762 | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) — pgAdmin 4 | 9.1 | Critical | 2025-11-13 |
| CVE-2025-9636 | Cross-Origin Opener Policy Vulnerability in pgAdmin 4 — pgAdmin 4 | 7.9 | High | 2025-09-04 |
| CVE-2025-2946 | Cross-Site Vulnerability(XSS) due to arbitrary HTML/JavaScript gets executed while query result rendering in Query Tool and View/Edit Data Tool of pgAdmin 4 — pgAdmin 4 | 9.1 | Critical | 2025-04-03 |
| CVE-2025-2945 | pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment — pgAdmin 4 | 9.9 | Critical | 2025-04-03 |
| CVE-2024-9014 | OAuth2 client id and secret exposed through the web browser in pgAdmin 4 — pgAdmin 4 | 9.9 | Critical | 2024-09-23 |
| CVE-2024-6238 | pgAdmin 4 Installation Directory permission issue — pgAdmin 4 | 7.4 | High | 2024-06-25 |
| CVE-2024-4216 | XSS vulnerability in /settings/store API response json payload in pgAdmin 4 — pgAdmin 4 | 7.4 | High | 2024-05-02 |
| CVE-2024-4215 | The Multi Factor Authentication bypass vulnerability in pgAdmin 4 — pgAdmin 4 | 7.4 | High | 2024-05-02 |
| CVE-2024-3116 | Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4 — pgAdmin 4 | 7.4 | High | 2024-04-04 |
| CVE-2024-2044 | Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4 — pgAdmin 4 | 9.9 | Critical | 2024-03-07 |

This page lists every published CVE security advisory associated with pgadmin.org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.