SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889

A flaw was found in pgx, a PostgreSQL driver and toolkit for Go. This SQL injection vulnerability can occur when using the non-default simple protocol, a dollar-quoted string literal in the SQL query, and when that string literal contains text interpreted as a placeholder with an...

Linux Distros Unpatched Vulnerability : CVE-2026-41889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted...

SQL Injection

Overview github.com/jackc/pgx/internal/sanitize is a PostgreSQL driver and toolkit Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is...

SQL Injection

Overview github.com/jackc/pgx/v5/internal/sanitize is a PostgreSQL driver and toolkit Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is...

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...

GHSA-J88V-2CHJ-QFWX pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted as a placeholder within a dollar quoted string literal. Note: This is...

SQL Injection

Overview github.com/jackc/pgx/v5 is a pure Go driver and toolkit for PostgreSQL Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted...

CVE-2023-53773 MiniDVBLinux 5.4 Unauthenticated Live Stream Disclosure via tv_action.sh

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tvaction.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tvaction.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg...

PT-2025-47321

Name of the Vulnerable Software and Affected Versions Avahi versions up to and including 0.9-rc2 Description Avahi is a system that enables service discovery on a local network using the mDNS/DNS-SD protocol suite. The simple protocol server does not enforce the documented client limit, accepting...

GO-2024-2605 SQL injection in github.com/jackc/pgx/v4

SQL injection is possible when the database uses the non-default simple protocol, a minus sign directly precedes a numeric placeholder followed by a string placeholder on the same line, and both parameter values are user-controlled...

CVE-2024-27289

A flaw was found in pgx. SQL injection can occur when all of the following conditions are met in versions before 4.18.2 of pgx. - The non-default simple protocol is used - A placeholder for a numeric value must be immediately preceded by a minus - There must be a second placeholder for a string...

CVE-2024-27289

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

UBUNTU-CVE-2024-27289

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

CVE-2024-27289

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

CVE-2024-27289

CVE-2024-27289 affects the Go pgx PostgreSQL driver. Before 4.18.2, a SQL injection can occur when using the non-default simple protocol with a minus immediately before a numeric placeholder and a second placeholder for a string on the same line, with both values user-controlled. The issue is fix...

CVE-2024-27289 pgx SQL Injection via Line Comment Creation

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

pgx SQL Injection via Line Comment Creation

Impact SQL injection can occur when all of the following conditions are met: 1. The non-default simple protocol is used. 2. A placeholder for a numeric value must be immediately preceded by a minus. 3. There must be a second placeholder for a string value after the first placeholder; both must be...

GHSA-M7WR-2XF7-CM9P pgx SQL Injection via Line Comment Creation

Impact SQL injection can occur when all of the following conditions are met: 1. The non-default simple protocol is used. 2. A placeholder for a numeric value must be immediately preceded by a minus. 3. There must be a second placeholder for a string value after the first placeholder; both must be...