org.postgresql:postgresql
Maven: 8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.postgresql:postgresql
- CVE-2012-1618 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 8.2 | 2012-10-06
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified…
- CVE-2020-13692 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 42.2.13 | 2020-06-04
vulnerable: 42.0.0 ... 9.4.1212.jre7 (58 versions)
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
- CVE-2022-21724 | HIGH | CVSS 7.0 | EG 7.0 | ✓ Fixed in 42.3.2 | 2022-02-02
vulnerable: 42.3.0, 42.3.1
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url o…
- CVE-2022-26520 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 42.3.3 | 2022-03-10
vulnerable: 42.1.0 ... 42.3.2 (104 versions)
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an…
- CVE-2022-31197 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 42.3.7 | 2022-08-03
vulnerable: 42.3.0 ... 42.3.6 (7 versions)
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing …
- CVE-2022-41946 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 42.5.1 | 2022-11-23
vulnerable: 42.5.0
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the Inpu…
- CVE-2024-1597 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 42.2.8 | 2024-02-19
vulnerable: 42.0.0 ... 9.4.1212.jre7 (98 versions)
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded …
- CVE-2026-42198 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 42.7.11 | 2026-04-29
vulnerable: 42.2.0 ... 42.7.9 (125 versions)
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perf…