
4 matches found

F5 Networks
added 2025/04/23 7:21 a.m., 25 views

K000150987: PostgreSQL pgAdmin vulnerabilities CVE-2025-2945 and CVE-2025-2946

Security Advisory Description: CVE-2025-2945: Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint,...

CVSS 9.9, AI score 9.3, EPSS 0.8249
Exploits: 7
CVE
added 2025/01/09 7:26 a.m., 70 views

CVE-2023-1907

Summary: CVE-2023-1907 affects pgAdmin4. When logging in to pgAdmin in server mode with LDAP authentication, multiple simultaneous connection attempts may cause a user to be attached to another user’s session. The related open-source/OSV entries indicate a fix for this issue in pgAdmin4 (e.g., OS...

CVSS 8, AI score 7.9, EPSS 0.00136
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2024/09/23 12:0 a.m., 5 views

PT-2024-6396

Name of the Vulnerable Software and Affected Versions: pgAdmin versions 8.11 and earlier. Description: The issue is related to a security flaw in OAuth2 authentication, allowing an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. The vulnerability...

CVSS 10, AI score 7.9, EPSS 0.92879
Exploits: 16, References: 87
Vulnrichment
added 2022/12/13 12:0 a.m., 7 views

CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

AI score 8.6, EPSS 0.87793
Exploits: 0, References: 2