Lucene search

1136 matches found

Snyk
added 2025/08/14 1:0 p.m., 0 views

Exposure of Sensitive Information Through Metadata

Overview: Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via optimizer statistics. An attacker can access sensitive sampled data by querying views, partitions, or child tables by crafting a leaky operator that bypasses view access control lis...

CVSS 4.3, AI score 7.2, EPSS 0.00053
Exploits 0, References 2

vulnersOsv
added 2025/08/09 1:46 a.m., 4 views

@fedify/amqp (=0.2.0-dev.12), @fedify/postgres (>=0.3.0 <=0.3.0-dev.22) +1 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=1.5.0-dev.732 <=1.5.0)

@fedify/fedify NPM version =1.5.0-dev.732, =0.3.0, =0.4.0, =0.4.0-dev.19 Source cves: CVE-2025-54888 Source advisory: SNYK:JS-FEDIFYFEDIFY-11735306...

CVSS 8.7, AI score 5.8, EPSS 0.00158
Exploits 0

vulnersOsv
added 2025/08/08 2:29 p.m., 2 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.11) +6 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=0.10.2 <=1.10.9)

@fedify/fedify NPM version =0.10.2, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2025-54888 Source advisory: OSV:GHSA-6JCC-XGCR-Q3H4...

CVSS 8.7, AI score 5.8, EPSS 0.00158
Exploits 0

OSV
added 2025/07/31 12:12 p.m., 4 views

CLSA-2025-1753963973 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

CVSS 7.5, AI score 7.1, EPSS 0.00589
Exploits 0, References 1

OSV
added 2025/07/16 8:19 a.m., 4 views

BIT-PHP-MIN-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5, AI score 9.4, EPSS 0.00589
Exploits 0, References 4

NVD
added 2025/07/13 11:15 p.m., 2 views

CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5, EPSS 0.00589
Exploits 0, References 3

OSV
added 2025/07/13 11:15 p.m., 3 views

CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5, AI score 9.4
Exploits 0, References 3

AlpineLinux
added 2025/07/13 10:27 p.m., 4 views

CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5, AI score 9.6, EPSS 0.00589
Exploits 0

Vulnrichment
added 2025/07/13 10:27 p.m., 2 views

CVE-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 5.9, AI score 7.2, EPSS 0.00589
Exploits 0, References 1

Cvelist
added 2025/07/13 10:27 p.m., 9 views

CVE-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 5.9, EPSS 0.00589
Exploits 0, References 1

SUSE CVE
added 2025/07/09 11:27 p.m., 1 views

SUSE CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 5.9, AI score 8.3, EPSS 0.00589
Exploits 0, References 11

OSV
added 2025/07/08 4:20 a.m., 1 views

MAL-2025-5662 Malicious code in @instant-postgres/neon (npm)

Source: ghsa-malware 5998172caafd763bd9d8fc92acc7e18e96f4a14c19f5871e16257eaff6547366 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSSF Malicious Packages
added 2025/07/08 4:20 a.m., 3 views

Malicious code in @instant-postgres/neon (npm)

Source: ghsa-malware 5998172caafd763bd9d8fc92acc7e18e96f4a14c19f5871e16257eaff6547366 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1

CVE
added 2025/06/18 11:30 p.m., 21 views

CVE-2025-24288

Versa Director (Versa Networks) is affected by CVE-2025-24288. Public details describe multiple issues including exposure of services by default with default credentials (several accounts with sudo) and internet exposure of SSH and PostgreSQL. The root cause centers on weak handling of default cr...

CVSS 9.8, AI score 9.7, EPSS 0.00339
Exploits 0, References 2

SUSE CVE
added 2025/06/13 2:18 a.m., 1 views

SUSE CVE-2025-49146

pgjdbc is an open source PostgreSQL JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVSS 8.2, AI score 6.9, EPSS 0.0004
Exploits 0, References 3

OpenVAS
added 2025/06/04 12:0 a.m., 5 views

SUSE: Security Advisory (SUSE-SU-2024:2266-1)

The remote host is missing an update for the...

CVSS 4.3, AI score 6.5, EPSS 0.00263
Exploits 0, References 6

OSV
added 2025/05/30 1:48 p.m., 1 views

OESA-2025-1568 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

CVSS 5.9, AI score 7.5, EPSS 0.00326
Exploits 0, References 2

RedhatCVE
added 2025/05/23 7:41 a.m., 5 views

CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

CVSS 7.1, AI score 7.4, EPSS 0.01043
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:44 a.m., 4 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...

CVSS 4.3, AI score 6.3, EPSS 0.0009
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:16 a.m., 5 views

CVE-2023-41120

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis,...

CVSS 6.5, AI score 6.6, EPSS 0.00046
Exploits 0