Lucene search
K

132 matches found

Chainguard
Chainguard
added 2026/05/27 1:18 a.m.11 views

GHSA-4RHG-H8F2-V4JM vulnerabilities

Vulnerabilities for packages: pgadmin4...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/27 1:18 a.m.13 views

CVE-2026-7814 vulnerabilities

Vulnerabilities for packages: pgadmin4...

4.8CVSS5.8AI score0.00163EPSS
Exploits1
Chainguard
Chainguard
added 2026/05/27 1:18 a.m.12 views

CVE-2026-7816 vulnerabilities

Vulnerabilities for packages: pgadmin4...

8.8CVSS5.8AI score0.01444EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/27 1:18 a.m.8 views

GHSA-6P2C-69CV-3FXQ vulnerabilities

Vulnerabilities for packages: pgadmin4...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/27 1:18 a.m.15 views

CVE-2026-7818 vulnerabilities

Vulnerabilities for packages: pgadmin4...

7.8CVSS5.8AI score0.00131EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/27 1:18 a.m.11 views

CVE-2026-7817 vulnerabilities

Vulnerabilities for packages: pgadmin4...

7.1CVSS5.8AI score0.00217EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/27 1:18 a.m.14 views

CVE-2026-7813 vulnerabilities

Vulnerabilities for packages: pgadmin4...

9.9CVSS5.8AI score0.00455EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Fedora 44 : pgadmin4 (2026-68f6155fea)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-68f6155fea advisory. Update to pgadmin4-9.15. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.9CVSS5.4AI score0.01444EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.13 views

Fedora 43 : pgadmin4 (2026-1545df20ad)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1545df20ad advisory. Update to pgadmin4-9.15. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.9CVSS5.4AI score0.01444EPSS
Exploits1References9
EUVD
EUVD
added 2026/05/11 6:31 p.m.10 views

EUVD-2026-29088

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.8 views

EUVD-2026-29084

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29081

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/11 6:31 p.m.11 views

Cross-site Scripting (XSS)

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Cross-site Scripting XSS via the assignment of user-controlled PostgreSQL object names to DOM elements using innerHTML. An attacker can execute arbitrary JavaScript code in the browser of any user who...

8.4CVSS5.9AI score0.00163EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/11 6:31 p.m.8 views

SQL Injection

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to SQL Injection via the Maintenance Tool. An attacker can execute arbitrary SQL commands and potentially escalate to operating-system command execution on the database host by supplying crafted input to the...

8.8CVSS6.3AI score0.00456EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29085

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 6:31 p.m.12 views

GHSA-HV9P-2PQF-R5W3 pgAdmin 4: Improper restriction of excessive authentication attempts

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 6:31 p.m.7 views

GHSA-HP84-P2GQ-6FVR SQL injection vulnerability in pgAdmin 4 Maintenance Tool

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 6:31 p.m.8 views

GHSA-4RHG-H8F2-V4JM pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.3CVSS6.5AI score0.00131EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 6:31 p.m.7 views

GHSA-J74F-G7VX-FH4X pgAdmin 4: OS command injection vulnerability in Import/Export query export

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.13 views

pgAdmin 4: OS command injection vulnerability in Import/Export query export

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder