Lucene search
K

5 matches found

CVE
CVE
added 2024/03/06 6:28 p.m.783 views

CVE-2024-27289

CVE-2024-27289 affects the Go pgx PostgreSQL driver. Before 4.18.2, a SQL injection can occur when using the non-default simple protocol with a minus immediately before a numeric placeholder and a second placeholder for a string on the same line, with both values user-controlled. The issue is fix...

8.1CVSS8.3AI score0.00854EPSS
CVE
CVE
added 2024/03/06 7:7 p.m.402 views

CVE-2024-27304

CVE-2024-27304 affects pgx, a PostgreSQL driver/toolkit for Go. The vulnerability enables SQL injection when an attacker can cause a single query or Bind message to exceed 4 GB due to an integer overflow in message size calculation, which can cause the large message to be split into multiple mess...

9.8CVSS9.6AI score0.01109EPSS
CVE
CVE
added 2026/04/07 3:19 p.m.72 views

CVE-2026-33815

A memory-safety vulnerability in the Go PostgreSQL driver/toolkit github.com/jackc/pgx/v5 is described across multiple sources. Several references (including OSV advisories and attacker-trusted feeds) note that pgx prior to v5.9.0 contains the issue, implying that versions 5.9.0+ or newer mitigat...

9.8CVSS5.9AI score0.00605EPSS
CVE
CVE
added 2026/04/07 3:19 p.m.42 views

CVE-2026-33816

Technical details for CVE-2026-33816 are not publicly available in the provided documents; no affected versions, exploit info, impact, or fixes are disclosed. Monitor for updates.

9.8CVSS5.9AI score0.00561EPSS
CVE
CVE
added 2026/05/08 3:53 p.m.20 views

CVE-2026-41889

CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...

9.8CVSS5.7AI score0.00356EPSS