Known Vulnerabilities for products from Postgresql
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Postgresql".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46624 json | Not Provided | 2026-05-26 | 2026-05-26 | |
| CVE-2026-46446 json | Not Provided | 2026-05-14 | 2026-05-14 | |
| CVE-2026-46445 json | Not Provided | 2026-05-14 | 2026-05-14 | |
| CVE-2026-45717 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-45288 json | Not Provided | 2026-05-28 | 2026-05-30 | |
| CVE-2026-44719 json | Not Provided | 2026-05-15 | 2026-05-15 | |
| CVE-2026-44718 json | Not Provided | 2026-05-15 | 2026-05-18 | |
| CVE-2026-44635 json | Not Provided | 2026-05-27 | 2026-05-28 | |
| CVE-2026-44477 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-42198 json | pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a cli... | Not Provided | 2026-04-29 | 2026-05-01 |
| CVE-2026-6638 json | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator ... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6575 json | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes q... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6479 json | Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socke... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6478 json | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user cr... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6477 json | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64()... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6476 json | SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQ... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6475 json | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local fil... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6474 json | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memo... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6473 json | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersi... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-6472 json | Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find... | Not Provided | 2026-05-14 | 2026-05-18 |
Known software with vulnerabilities from Postgresql
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Postgresql | Postgresql | - |
| Application | Postgresql | Postgresql-common | - |
| Application | Postgresql | Postgresql Jdbc Driver | 42.0.0 |
| Application | Postgresql | Psqlodbc | 8.3.400 |