PT-2025-46824
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.1; PostgreSQL versions 13.23 and earlier; PostgreSQL versions 14.20 and earlier; PostgreSQL versions 15.15 and earlier; PostgreSQL versions 16.11 and earlier; PostgreSQL versions 17.7 and earlier. Description: An integ...
Linux Distros Unpatched Vulnerability : CVE-2025-12818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an...
Linux Distros Unpatched Vulnerability : CVE-2025-12817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creatin...
Vulnerability in core server (CVE-2025-12818)
PostgreSQL libpq undersizes allocations, via integer wraparound. Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in...
Vulnerability in core server (CVE-2025-12817)
PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege. Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, fro...
EUVD-2025-116507
Malicious code in ariel-postgres-ariel-proxima npm...
EUVD-2025-113423
Malicious code in framework-oauth-postgres-fetch npm...
Malicious code in koa-postgres-blaze-electron (npm)
Source: amazon-inspector 5b6cdae761bee4ee4e8ae8294fde8b8c4d62a37e14f8b704bf9fa3dee5d856c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-120155
Malicious code in yakutsk-postgres-tool-node-config npm...
MAL-2025-139595 Malicious code in ariel-postgres-ariel-proxima (npm)
Source: amazon-inspector 52581d417bf9190a23944e8bbf136ab50f5700f8a2f7caf39cf0c15bc94043ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-12967
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers...
CVE-2025-12967
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow privilege escalation to the rds_superuser role via a crafted function executed by a low-privileged authenticated user. Affected wrappers include AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, and AWS PGSQL ...
Npgsql Security Vulnerability
Npgsql is an open source .NET data provider for PostgreSQL, developed by the Npgsql open source project. A security vulnerability exists in Npgsql, which stems from the ability of a low-privileged user to create specially crafted functions that may result in elevated privileges...
PT-2025-46181
Name of the Vulnerable Software and Affected Versions: AWS JDBC Wrapper versions prior to 2.6.5; AWS Go Wrapper versions prior to 2025-10-17; AWS NodeJS Wrapper versions prior to 2.0.1; AWS Python Wrapper versions prior to 1.4.0; AWS PGSQL ODBC driver versions prior to 1.0.1. Description: An issue in AW...
Django: Potential SQL Injection when annotating FilteredRelation on PostgreSQL
A potential SQL injection vulnerability was discovered in Django's annotation of FilteredRelation on PostgreSQL. The vulnerability was caused by an incomplete regular expression filter in the FORBIDDEN_ALIAS_PATTERN. This allowed user input to be interpreted as raw strings, potentially enabling the...
Security Bulletin: IBM Cognos Analytics Certified Containers is affected by security vulnerabilities
Summary: IBM Cognos Analytics Certified Containers is affected by vulnerabilities in the PostgreSQL JDBC Driver. Additionally, IBM Cognos Certified Containers is affected by an Information Disclosure vulnerability. Vulnerability Details: CVEID: CVE-2022-31197 DESCRIPTION: PostgreSQL JDBC Driver...
database/sql: Postgres Scan Race Condition
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...