EUVD-2026-34901

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance...

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401. Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to...

GHSA-R236-5PC3-3QCP AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401. Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

CVE-2026-11401

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

CVE-2026-11401

The CVE-2026-11401 entry describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate to other Amazon RDS user privileges (including rds_superuser) via a crafted fu...

GO-2025-4119 AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql...

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating crafted functions with names that...

EUVD-2025-180216

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance...

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

GHSA-7WQ2-32H4-9HC9 AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

EUVD-2025-48942

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance...

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS users. We recommend customers...

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow privilege escalation to the rds_superuser role via a crafted function executed by a low-privileged authenticated user. Affected wrappers include AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, and AWS PGSQL ...

PT-2025-46181

Name of the Vulnerable Software and Affected Versions AWS JDBC Wrapper versions prior to 2.6.5 AWS Go Wrapper versions prior to 2025-10-17 AWS NodeJS Wrapper versions prior to 2.0.1 AWS Python Wrapper versions prior to 1.4.0 AWS PGSQL ODBC driver versions prior to 1.0.1 Description An issue in AW...

EUVD-2021-1136

Malware in sbrugna...

CentOS 7 : buildah (RHSA-2020:1231)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1231 advisory. - The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This...

PT-2022-18404 · Red Hat · Podman

Name of the Vulnerable Software and Affected Versions: podman versions prior to the version fixed via RHSA-2020:2117 Description: The issue could potentially be used to crash or cause code execution in Go applications using the Go GPGME wrapper library under certain conditions during GPG signatur...

GPGME Go wrapper contains Use After Free

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...