OESA-2026-2445 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

OESA-2026-2444 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

OESA-2026-2443 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

Astra Linux - уязвимость в libpgjava

The PostgreSQL JDBC Driver also known as PgJDBC prior to version 42.2.13 allowed XXE...

BIT-POSTGRESQL-JDBC-DRIVER-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

VulnCheck KEV: CVE-2022-31197

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

EUVD-2022-4105

Malicious code in bioql PyPI...

EUVD-2022-6614

Malicious code in bioql PyPI...

EUVD-2022-1192

Malicious code in bioql PyPI...

EUVD-2022-0911

Malicious code in bioql PyPI...

EUVD-2024-0465

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-49146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to require...

TencentOS Server 4: postgresql-jdbc (TSSA-2024:0662)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0662 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: postgresql-jdbc (TSSA-2024:0094)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0094 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: postgresql-jdbc (TSSA-2022:0069)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0069 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

PostgreSQL JDBC library -- Improper Authentication

PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore...

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...