CVE-2026-6575
Buffer over-read in PostgreSQL function pg_restore_attribute_stats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...
CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...
SUSE SLES15 Security Update : postgresql18 (SUSE-SU-2026:1945-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1945-1 advisory. This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user h...
RHSA-2026:4504 Red Hat Security Advisory: postgresql:13 security update
Bulletin has no description...
Important: Red Hat Security Advisory: postgresql:13 security update
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...
RHSA-2026:4063 Red Hat Security Advisory: postgresql:16 security update
Bulletin has no description...
postgresql16-16.12-1.1 on GA media (moderate)
postgresql16-16.12-1.1 on GA media Announcement ID: openSUSE-SU-2026:10192-1 Rating: moderate Cross-References: CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These are all...
postgresql15-15.16-1.1 on GA media (moderate)
postgresql15-15.16-1.1 on GA media Announcement ID: openSUSE-SU-2026:10191-1 Rating: moderate Cross-References: CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These are all...
CVE-2026-2007
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
Oracle Linux 8 : postgresql:13 (ELSA-2026-0523)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0523 advisory. pgaudit pg_repack postgres-decoderbufs postgresql 13.23-1 - Update to 13.23 - Resolves: RHEL-128818 CVE-2025-12818 Tenable has extracted the preceding...
SUSE-SU-2025:4484-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgraded to 15.15: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use...
CLSA-2025-1765287627 Update of postgresql
Bump release to 9.2.24-9.0.3.tuxcare.els1...
EUVD-2006-2315
Malware in sbrugna...
EUVD-2018-2979
Malware in sbrugna...
EUVD-2010-1994
Malware in sbrugna...
EUVD-2025-27538
Malicious code in bioql PyPI...
CVE-2025-10226
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...
CVE-2025-10226 PostgreSQL Upgrade from v10 to v17.4 in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier to Address Multiple Vulnerabilities
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...
Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL13-2025-012 (ALASPOSTGRESQL13-2025-012)
The version of postgresql installed on the remote host is prior to 13.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2025-012 advisory. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access...
RHSA-2025:15031 Red Hat Security Advisory: postgresql:15 security update
Bulletin has no description...