Lucene search

1136 matches found

OSV
added 2025/04/09 12:15 p.m. · 4 views

CVE-2025-29189

Flowise = 2.2.3 is vulnerable to SQL Injection via tableName parameter at PostgresVectorStores...

7.6 CVSS · 7.3 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/09 12:00 a.m. · 2 views

PT-2025-15692 · Flowise · Flowise

Name of the Vulnerable Software and Affected Versions: Flowise versions 2.2.3 and earlier Description: The issue is related to SQL Injection, which occurs via the tableName parameter at Postgres VectorStores. This allows for potential exploitation. Recommendations: For versions 2.2.3 and earlier,...

7.6 CVSS · 6.7 AI score · 0.00134 EPSS
Exploits: 1 · References: 11
CNNVD
added 2025/04/09 12:00 a.m. · 3 views

Flowise security vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise 2.2.3 and earlier versions that stems from an SQL injection in the tableName parameter of PostgresVectorStores...

7.6 CVSS · 7.5 AI score · 0.00134 EPSS
Exploits: 1 · References: 1
Oracle linux
added 2025/03/21 12:00 a.m. · 26 views

postgresql:12 security update

pgaudit postgres-decoderbufs postgresql 12.22-3 - Fix backport for CVE-2025-1094 12.22-2 - Backport fix for CVE-2025-1094...

8.1 CVSS · 7.4 AI score · 0.82364 EPSS
Exploits: 10
vulnersOsv
added 2025/03/20 12:32 p.m. · 2 views

cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +13 more potentially affected by CVE-2024-11602 via feast (>=0.14.1 <=0.39.1)

feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.0.1, =0.0.23 Source cves: CVE-2024-11602 Source advisory: OSV:GHSA-WXPC-2674-RXVW...

7.4 CVSS · 7 AI score · 0.00054 EPSS
Exploits: 0
OSV
added 2025/02/28 3:34 p.m. · 3 views

OESA-2025-1228 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.1 CVSS · 8.1 AI score · 0.82364 EPSS
Exploits: 10 · References: 2
Oracle linux
added 2025/02/21 12:00 a.m. · 21 views

postgresql:13 security update

pgaudit 1.5.0-1 - Update to version 1.5.0 Related: 1855776 pgrepack 1.4.6-3 - Release bump - enable gating postgres-decoderbufs 0.10.0-2 - Release bump for rebuild against libpq-12.1-3 postgresql 13.20-1 - Update to 13.20 - Fix CVE-2025-1094...

8.1 CVSS · 8.5 AI score · 0.82364 EPSS
Exploits: 10
Oracle linux
added 2025/02/21 12:00 a.m. · 22 views

postgresql:15 security update

pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47350 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 212841...

8.1 CVSS · 8.5 AI score · 0.82364 EPSS
Exploits: 11
Spring Engineering
added 2025/02/06 12:00 a.m. · 7 views

A Bootiful Podcast: 'Just Use Postgres!' author Denis Magda

Hi, Spring fans! In this installment we talk to Java and distributed database ninja Denis Magda about his new book, "Just Use Postgres!", which looks at how to wield Postgres for a variety of use cases that an application developer should know...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/02/05 1:50 p.m. · 6 views

CVE-2020-4062

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...

9 CVSS · 7 AI score · 0.00418 EPSS
Exploits: 0
OSV
added 2025/02/05 7:24 a.m. · 7 views

BIT-SUPERSET-2024-55633 Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

7.1 CVSS · 6.6 AI score · 0.01043 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/02/05 7:07 a.m. · 4 views

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

8.1 CVSS · 8.2 AI score · 0.02069 EPSS
Exploits: 0 · References: 1
Spring Engineering
added 2025/02/04 12:00 a.m. · 7 views

This Week in Spring - February 11th, 2025

Hi, Spring fans! It's almost Valentine's day, and let me just say: I love the Spring community! It's such an exciting and interesting place to be. Thank you everyone for all that you do. I'm busy preparing for ConFoo, in Montreal, Canada, and for Devnexus, in Atlanta, Georgia. If you're around be...

7.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/02/03 9:01 a.m. · 3 views

Malicious code in worker-template-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06ee62f6404cbc2ab384a294313e49c9685b3f7a3251a4c9b86dd1d8e90dfb05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1
OSV
added 2025/02/03 9:01 a.m. · 2 views

MAL-2025-1198 Malicious code in worker-template-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06ee62f6404cbc2ab384a294313e49c9685b3f7a3251a4c9b86dd1d8e90dfb05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1
OSV
added 2025/01/14 7:22 p.m. · 14 views

BIT-PHP-MIN-2022-31625 Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

8.1 CVSS · 8.5 AI score · 0.01479 EPSS
Exploits: 1 · References: 8
Github Security Blog
added 2024/12/12 3:31 p.m. · 17 views

Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

7.1 CVSS · 7.5 AI score · 0.01043 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/12/12 3:15 p.m. · 6 views

CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

6.5 CVSS · 6.7 AI score
Exploits: 0 · References: 2
CVE
added 2024/12/12 2:36 p.m. · 74 views

CVE-2024-55633

CVE-2024-55633 is an Improper Authorization vulnerability in Apache Superset. An attacker with SQLLab access to a PostgreSQL analytic database can craft a SQL DML statement that is incorrectly identified as a read-only query, allowing its execution. The issue does not affect non-PostgreSQL analyt...

7.1 CVSS · 7.2 AI score · 0.01043 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/12/12 12:00 a.m. · 2 views

PT-2024-9601 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.0 Description: The issue is related to improper authorization in Apache Superset, specifically affecting Postgres analytic databases. An attacker with access to SQLLab can craft a specially designed SQL D...

7.1 CVSS · 7.7 AI score · 0.01043 EPSS
Exploits: 0 · References: 15