Org.postgresql:postgresql

This hub aggregates every CVE we track for Org.postgresql:postgresql, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 8 most recently published vulnerabilities affecting Org.postgresql:postgresql.

• CVE-2025-49146pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration8.2Jun 11, 2025
• CVE-2024-1597pgjdbc SQL Injection via line comment generation10.0Feb 19, 2024
• CVE-2022-41946TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc4.7Nov 23, 2022
• CVE-2022-31197SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc7.1Aug 3, 2022
• CVE-2022-26520In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection p...9.8Mar 7, 2022
• CVE-2022-21724Unchecked Class Instantiation when providing Plugin Classes7.0Feb 2, 2022
• CVE-2020-13692PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.7.7Jun 4, 2020
• CVE-2012-1618Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL...7.5Oct 6, 2012