Search CVE reports



1 – 10 of 44 results


CVE-2026-2007

Medium priority
Vulnerable

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the...

8 affected packages

postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-18 Not in release Not in release
postgresql-17 Not in release Not in release
postgresql-16 Needs evaluation Not in release
postgresql-14 Not in release Needs evaluation
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2026-2006

Medium priority
Vulnerable

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user...

8 affected packages

postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-18 Not in release Not in release
postgresql-17 Not in release Not in release
postgresql-16 Needs evaluation Not in release
postgresql-14 Not in release Needs evaluation
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2026-2005

High priority
Vulnerable

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

8 affected packages

postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-18 Not in release Not in release
postgresql-17 Not in release Not in release
postgresql-16 Needs evaluation Not in release
postgresql-14 Not in release Needs evaluation
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2026-2003

Medium priority
Vulnerable

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed...

8 affected packages

postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-18 Not in release Not in release
postgresql-17 Not in release Not in release
postgresql-16 Needs evaluation Not in release
postgresql-14 Not in release Needs evaluation
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2026-2361

Medium priority
Vulnerable

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then...

8 affected packages

postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-18 Not in release Not in release
postgresql-17 Not in release Not in release
postgresql-16 Not affected Not in release
postgresql-14 Not in release Not affected
postgresql-12 Not in release Not in release Not affected
postgresql-10 Not in release Not in release Not affected
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2025-12818

Medium priority

Some fixes available 4 of 8

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results...

8 affected packages

postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-18 Not in release Not in release
postgresql-17 Not in release Not in release
postgresql-16 Fixed Not in release
postgresql-14 Not in release Fixed
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2025-12817

Medium priority

Some fixes available 4 of 8

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a...

8 affected packages

postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-18 Not in release Not in release
postgresql-17 Not in release Not in release
postgresql-16 Fixed Not in release
postgresql-14 Not in release Fixed
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2025-8715

Medium priority

Some fixes available 4 of 8

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql...

7 affected packages

postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-17 Not in release Not in release
postgresql-16 Fixed Not in release
postgresql-14 Not in release Fixed
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2025-8714

Medium priority

Some fixes available 4 of 8

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via...

7 affected packages

postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-17 Not in release Not in release
postgresql-16 Fixed Not in release
postgresql-14 Not in release Fixed
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release

CVE-2025-8713

Medium priority

Some fixes available 4 of 8

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. ...

7 affected packages

postgresql-17, postgresql-16, postgresql-14, postgresql-12, postgresql-10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
postgresql-17 Not in release Not in release
postgresql-16 Fixed Not in release
postgresql-14 Not in release Fixed
postgresql-12 Not in release Not in release Needs evaluation
postgresql-10 Not in release Not in release Needs evaluation
postgresql-9.5 Not in release Not in release
postgresql-9.3 Not in release Not in release