pkg:Maven/org.postgresql:postgresql

11 total CVEsCRITICAL4HIGH5MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2024-1597org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
    from 0, < 42.2.28
  • CRITICAL10.0CVE-2024-1597org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
    >= 42.7.0, < 42.7.2
  • CRITICAL9.8CVE-2022-26520Path traversal in org.postgresql:postgresql
    >= 42.1.0, < 42.3.3
  • CRITICAL9.8CVE-2022-26520Path traversal in org.postgresql:postgresql
    >= 42.1.0, < 42.3.3
  • HIGH8.2CVE-2025-49146pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
    >= 42.7.4, < 42.7.7
  • HIGH7.7CVE-2020-13692Improper Restriction of XML External Entity Reference
    >= 9.4.1212.jre6, < 42.2.13
  • HIGH7.5CVE-2026-42198pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
    >= 42.2.0, < 42.7.11
  • HIGH7.1CVE-2022-31197PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
    from 0, < 42.2.26
  • HIGH7.0CVE-2022-21724pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
    >= 9.4.1208, < 42.2.25
  • MEDIUM4.7CVE-2022-41946TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc
    >= 42.2.0, < 42.2.27
  • CVE-2012-1618Unescaped parameters in the PostgreSQL JDBC driver
    from 0, < 8.2