1136 matches found
Malicious code in perseus-postgres-jwt-config (npm)
The package perseus-postgres-jwt-config was found to contain malicious code...
Malicious code in postgres-stratosphere-draco-wolf (npm)
The package postgres-stratosphere-draco-wolf was found to contain malicious code...
MAL-2025-45542 Malicious code in perseus-postgres-jwt-config (npm)
The package perseus-postgres-jwt-config was found to contain malicious code...
MAL-2025-46872 Malicious code in zenith-virtualreality-postgres-hydrogeology (npm)
The package zenith-virtualreality-postgres-hydrogeology was found to contain malicious code...
Oracle Linux 8 : postgresql:12 (ELSA-2025-15115)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15115 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 12.22-5 - Fix previous Backport 12.22-4 - Backport CVE-2025-8715 Tenable has extracted the preceding...
Oracle Linux 8 : postgresql:13 (ELSA-2025-15021)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15021 advisory. pgaudit 1.5.0-1 - Update to version 1.5.0 Related: 1855776 pgrepack 1.4.6-3 - Release bump - enable gating 1.4.6-2 - Rebuild - Resolves:1954442 1.4.6-...
Linux Distros Unpatched Vulnerability : CVE-2017-16082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2...
Oracle Linux 8 : postgresql:16 (ELSA-2025-14899)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14899 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
CVE-2025-55283
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a...
Linux Distros Unpatched Vulnerability : CVE-2023-39417
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct...
Linux Distros Unpatched Vulnerability : CVE-2025-4207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte...
CVE-2025-55282 aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacke...
Linux Distros Unpatched Vulnerability : CVE-2024-10979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PAT...
Linux Distros Unpatched Vulnerability : CVE-2023-2454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated...
Malicious code in postgres-astroinformatics-janus-mocha (npm)
The package postgres-astroinformatics-janus-mocha was found to contain malicious code...
Malicious code in postgres-child-process-package-arcturus (npm)
The package postgres-child-process-package-arcturus was found to contain malicious code...
MAL-2025-25901 Malicious code in mantle-async-nebula-postgres (npm)
The package mantle-async-nebula-postgres was found to contain malicious code...
MAL-2025-28680 Malicious code in paleomagnetism-postgres-aether-stop (npm)
The package paleomagnetism-postgres-aether-stop was found to contain malicious code...
Malicious code in paleomagnetism-postgres-aether-stop (npm)
The package paleomagnetism-postgres-aether-stop was found to contain malicious code...