115 matches found
CVE-2026-7819 vulnerabilities
Vulnerabilities for packages: pgadmin4...
CVE-2026-7820 vulnerabilities
Vulnerabilities for packages: pgadmin4...
GHSA-HV9P-2PQF-R5W3 vulnerabilities
Vulnerabilities for packages: pgadmin4...
CVE-2026-7816 vulnerabilities
Vulnerabilities for packages: pgadmin4...
CVE-2026-7813 vulnerabilities
Vulnerabilities for packages: pgadmin4...
CVE-2026-7817 vulnerabilities
Vulnerabilities for packages: pgadmin4...
GHSA-P58C-Q354-6C4F vulnerabilities
Vulnerabilities for packages: pgadmin4...
CVE-2026-7814 vulnerabilities
Vulnerabilities for packages: pgadmin4...
GHSA-4RHG-H8F2-V4JM vulnerabilities
Vulnerabilities for packages: pgadmin4...
GHSA-6P2C-69CV-3FXQ vulnerabilities
Vulnerabilities for packages: pgadmin4...
CVE-2026-7818 vulnerabilities
Vulnerabilities for packages: pgadmin4...
Fedora 43 : pgadmin4 (2026-1545df20ad)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1545df20ad advisory. Update to pgadmin4-9.15. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 44 : pgadmin4 (2026-68f6155fea)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-68f6155fea advisory. Update to pgadmin4-9.15. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
jupyter-pgadmin-proxy (>=0.0.1 <=0.0.4) potentially affected by CVE-2026-7815 via pgadmin4 (=9.14.0)
pgadmin4 PYPI version =9.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on pgadmin4 and may be impacted: - jupyter-pgadmin-proxy =0.0.1, =0.0.4 Source cves: CVE-2026-7815 Source advisory: OSV:GHSA-HP84-P2GQ-6FVR...
EUVD-2026-29085
Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...
pgAdmin 4: Improper restriction of excessive authentication attempts
Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...
SQL Injection
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to SQL Injection via the Maintenance Tool. An attacker can execute arbitrary SQL commands and potentially escalate to operating-system command execution on the database host by supplying crafted input to the...
Cross-site Scripting (XSS)
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Cross-site Scripting XSS via the assignment of user-controlled PostgreSQL object names to DOM elements using innerHTML. An attacker can execute arbitrary JavaScript code in the browser of any user who...
jupyter-pgadmin-proxy (>=0.0.1 <=0.0.4) potentially affected by CVE-2026-7814 via pgadmin4 (=9.14.0)
pgadmin4 PYPI version =9.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on pgadmin4 and may be impacted: - jupyter-pgadmin-proxy =0.0.1, =0.0.4 Source cves: CVE-2026-7814 Source advisory: OSV:GHSA-6P2C-69CV-3FXQ...
GHSA-J74F-G7VX-FH4X pgAdmin 4: OS command injection vulnerability in Import/Export query export
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...