pkg:Debian/postgresql-13

57 total CVEsHIGH32MEDIUM19LOW6

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2026-6637PostgreSQL refint allows stack buffer overflow and SQL injection
    from 0
  • HIGH8.8CVE-2026-6477PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
    from 0
  • HIGH8.8CVE-2026-6475PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
    from 0
  • HIGH8.8CVE-2026-6473PostgreSQL server undersizes allocations, via integer wraparound
    from 0
  • HIGH8.8CVE-2026-2006PostgreSQL missing validation of multibyte character length executes arbitrary code
    from 0, < 13.23-0+deb11u2
  • HIGH8.8CVE-2026-2005PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
    from 0, < 13.23-0+deb11u2
  • HIGH8.8CVE-2026-2004PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
    from 0, < 13.23-0+deb11u2
  • HIGH8.8CVE-2025-8715PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server
    from 0, < 13.22-0+deb11u1
  • HIGH8.8CVE-2025-8714PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
    from 0, < 13.22-0+deb11u1
  • HIGH8.8CVE-2024-10979PostgreSQL PL/Perl environment variable changes execute arbitrary code
    from 0, < 13.17-0+deb11u1
  • HIGH8.8CVE-2023-5869Postgresql: buffer overrun from integer overflow in array modification
    from 0, < 13.13-0+deb11u1
  • HIGH8.8CVE-2023-39417Postgresql: extension script @substitutions@ within quoting allow sql injection
    from 0, < 13.13-0+deb11u1
  • HIGH8.8CVE-2023-39417Postgresql: extension script @substitutions@ within quoting allow sql injection
    from 0, < 13.13-0+deb11u1
  • HIGH8.8CVE-2022-1552postgresql-13 - security update
    from 0, < 13.7-0+deb11u1
  • HIGH8.8CVE-2022-1552postgresql-13 - security update
    from 0, < 13.7-0+deb11u1
  • HIGH8.8CVE-2021-32027postgresql-11 - security update
    from 0, < 13.3-1
  • HIGH8.8CVE-2020-25695A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
    from 0, < 13.1-1
  • HIGH8.1CVE-2025-1094PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
    from 0, < 13.20-0+deb11u1
  • HIGH8.1CVE-2025-1094PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
    from 0, < 13.19-0+deb11u1
  • HIGH8.1CVE-2025-1094PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
    from 0, < 13.20-0+deb11u1
  • HIGH8.1CVE-2021-23214postgresql-13 - security update
    from 0, < 13.5-0+deb11u1
  • HIGH8.1CVE-2021-23214postgresql-13 - security update
    from 0, < 13.5-0+deb11u1
  • HIGH8.1CVE-2020-25694postgresql-9.6 - security update
    from 0, < 13.1-1
  • HIGH8.0CVE-2024-0985PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
    from 0, < 13.14-0+deb11u1
  • HIGH8.0CVE-2024-0985PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
    from 0, < 13.14-0+deb11u1
  • HIGH8.0CVE-2022-2625postgresql-11 - security update
    from 0, < 13.8-0+deb11u1
  • HIGH7.5CVE-2026-6479PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
    from 0
  • HIGH7.5CVE-2024-7348PostgreSQL relation replacement during pg_dump executes arbitrary SQL
    from 0, < 13.16-0+deb11u1
  • HIGH7.5CVE-2024-7348PostgreSQL relation replacement during pg_dump executes arbitrary SQL
    from 0, < 13.16-0+deb11u1
  • HIGH7.5CVE-2020-25696A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.…
    from 0, < 13.1-1
  • HIGH7.2CVE-2023-2454postgresql-13 - security update
    from 0, < 13.11-0+deb11u1
  • HIGH7.2CVE-2023-2454postgresql-13 - security update
    from 0, < 13.11-0+deb11u1
  • MEDIUM6.5CVE-2026-6478PostgreSQL discloses MD5-hashed passwords via covert timing channel
    from 0
  • MEDIUM6.5CVE-2021-3677A flaw was found in postgresql.
    from 0, < 13.4-0+deb11u1
  • MEDIUM6.5CVE-2021-32028A flaw was found in postgresql.
    from 0, < 13.3-1
  • MEDIUM6.5CVE-2021-32029A flaw was found in postgresql.
    from 0, < 13.3-1
  • MEDIUM5.9CVE-2025-12818PostgreSQL libpq undersizes allocations, via integer wraparound
    from 0, < 13.23-0+deb11u1
  • MEDIUM5.9CVE-2025-4207PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
    from 0, < 13.21-0+deb11u1
  • MEDIUM5.9CVE-2025-4207PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
    from 0, < 13.21-0+deb11u1
  • MEDIUM5.9CVE-2021-23222A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification…
    from 0, < 13.5-0+deb11u1
  • MEDIUM5.4CVE-2026-6472PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
    from 0
  • MEDIUM5.4CVE-2024-10976PostgreSQL row security below e.g. subqueries disregards user ID changes
    from 0, < 13.17-0+deb11u1
  • MEDIUM5.4CVE-2024-10976PostgreSQL row security below e.g. subqueries disregards user ID changes
    from 0, < 13.17-0+deb11u1
  • MEDIUM5.4CVE-2023-2455Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases w…
    from 0, < 13.11-0+deb11u1
  • MEDIUM4.4CVE-2023-5870Postgresql: role pg_signal_backend can signal certain superuser processes.
    from 0, < 13.13-0+deb11u1
  • MEDIUM4.3CVE-2026-6474PostgreSQL timeofday() can disclose portions of server memory
    from 0
  • MEDIUM4.3CVE-2026-2003PostgreSQL oidvector discloses a few bytes of memory
    from 0, < 13.23-0+deb11u2
  • MEDIUM4.3CVE-2023-5868Postgresql: memory disclosure in aggregate function calls
    from 0, < 13.13-0+deb11u1
  • MEDIUM4.3CVE-2021-3393An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11.
    from 0, < 13.2-1
  • MEDIUM4.3CVE-2021-20229A flaw was found in PostgreSQL in versions before 13.2.
    from 0, < 13.2-1
  • MEDIUM4.2CVE-2024-10978PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
    from 0, < 13.17-0+deb11u1
  • LOW3.7CVE-2024-10977PostgreSQL libpq retains an error message from man-in-the-middle
    from 0, < 13.17-0+deb11u1
  • LOW3.7CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption.
    from 0, < 13.10-0+deb11u1
  • LOW3.1CVE-2025-12817PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
    from 0, < 13.23-0+deb11u1
  • LOW3.1CVE-2025-12817PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
    from 0, < 13.23-0+deb11u1
  • LOW3.1CVE-2025-8713PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
    from 0, < 13.22-0+deb11u1
  • LOW3.1CVE-2025-8713PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
    from 0, < 13.22-0+deb11u1