Browse all 5 CVE security advisories affecting pgjdbc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
pgjdbc is the primary JDBC driver for PostgreSQL, enabling Java applications to interact with PostgreSQL databases. Historically, it has faced vulnerabilities including remote code execution (RCE), SQL injection, and insecure deserialization, often stemming from improper input handling or insecure default configurations. Notable incidents include CVE-2022-31197, which allowed RCE through crafted JDBC strings, and CVE-2021-3616, involving SQL injection in connection parameters. The project has addressed these issues through regular security updates and improved input validation, though its widespread use makes it a persistent target for exploitation. Security teams should prioritize timely patching and secure configuration to mitigate risks.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42198 | pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS | CWE-770 | 7.5 | High | 2026-04-29 |
| CVE-2025-49146 | pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration | CWE-287 | 8.2 | High | 2025-06-11 |
| CVE-2024-1597 | pgjdbc SQL Injection via line comment generation | CWE-89 | 10.0 | Critical | 2024-02-19 |
| CVE-2022-41946 | TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc | CWE-200 | 4.7 | Medium | 2022-11-23 |
| CVE-2022-31197 | SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc | CWE-89 | 7.1 | High | 2022-08-03 |
This page lists every published CVE security advisory associated with pgjdbc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.