postgresql

Top products

The 15 most recently published vulnerabilities affecting postgresql.

• CVE-2026-6638PostgreSQL REFRESH PUBLICATION allows SQL injection via table name3.7May 14, 2026
• CVE-2026-6637PostgreSQL refint allows stack buffer overflow and SQL injection8.8May 14, 2026
• CVE-2026-6575PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array4.3May 14, 2026
• CVE-2026-6479PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion7.5May 14, 2026
• CVE-2026-6478PostgreSQL discloses MD5-hashed passwords via covert timing channel6.5May 14, 2026
• CVE-2026-6477PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory8.8May 14, 2026
• CVE-2026-6476PostgreSQL pg_createsubscriber allows SQL injection via subscription name7.2May 14, 2026
• CVE-2026-6475PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice8.8May 14, 2026
• CVE-2026-6474PostgreSQL timeofday() can disclose portions of server memory4.3May 14, 2026
• CVE-2026-6473PostgreSQL server undersizes allocations, via integer wraparound8.8May 14, 2026
• CVE-2026-6472PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege5.4May 14, 2026
• CVE-2026-42198pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS7.5Apr 29, 2026
• CVE-2026-2007PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory8.2Feb 12, 2026
• CVE-2026-2006PostgreSQL missing validation of multibyte character length executes arbitrary code8.8Feb 12, 2026
• CVE-2026-2005PostgreSQL pgcrypto heap buffer overflow executes arbitrary code8.8Feb 12, 2026