pkg:PyPI/pgadmin4

28 total CVEs: CRITICAL 6, HIGH 14, MEDIUM 8

All known vulnerabilities

  • CRITICAL 9.9 CVE-2026-7813: pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules
    from 0, < 9.15
  • CRITICAL 9.9 CVE-2025-2945: pgAdmin 4 Vulnerable to Remote Code Execution
    from 0, < 9.2
  • CRITICAL 9.9 CVE-2024-2044: pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
    from 0, < 8.4
  • CRITICAL 9.1 CVE-2025-13780: pgadmin4 has a Meta-Command Filter Command Execution
    from 0, < 9.11
  • CRITICAL 9.1 CVE-2025-12762: pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
    from 0, < 9.10
  • CRITICAL 9.1 CVE-2025-2946: pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
    from 0, < 9.2
  • HIGH 8.8 CVE-2026-7815: SQL injection vulnerability in pgAdmin 4 Maintenance Tool
    from 0, < 9.15
  • HIGH 8.8 CVE-2026-7816: pgAdmin 4: OS command injection vulnerability in Import/Export query export
    from 0, < 9.15
  • HIGH 8.8 CVE-2022-4223: pgadmin4 vulnerable to Code Injection
    from 0, < 6.17
  • HIGH 8.6 CVE-2024-9014: OAuth2 client ID and secret exposed through the web browser
    from 0, < 8.12
  • HIGH 8.1 CVE-2026-7819: pgAdmin 4 File Manager has symbolic-link path traversal
    from 0, < 9.15
  • HIGH 8.0 CVE-2023-1907: pgAdmin has Incorrect Default Permissions
    from 0, < 7.0
  • HIGH 7.9 CVE-2025-9636: pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
    from 0, < 9.8
  • HIGH 7.5 CVE-2025-12764: pgAdmin is affected by an LDAP injection vulnerability
    from 0, < 9.10
  • HIGH 7.5 CVE-2025-12765: pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
    from 0, < 9.10
  • HIGH 7.4 CVE-2026-1707: pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
    from 0, < 9.12
  • HIGH 7.4 CVE-2024-4216: pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
    from 0, < 8.6
  • HIGH 7.4 CVE-2024-4215: pgAdmin is affected by a multi-factor authentication bypass vulnerability
    from 0, < 8.6
  • HIGH 7.4 CVE-2024-3116: pgAdmin Remote Code Execution (RCE) vulnerability
    from 0, < 8.5
  • HIGH 7.0 CVE-2026-7818: pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager
    from 0, < 9.15
  • MEDIUM 6.8 CVE-2025-12763: pgAdmin 4 has command injection vulnerability on Windows systems
    from 0, < 9.10
  • MEDIUM 6.5 CVE-2026-7817: pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
    from 0, < 9.15
  • MEDIUM 6.5 CVE-2026-7820: pgAdmin 4: Improper restriction of excessive authentication attempts
    from 0, < 9.15
  • MEDIUM 6.5 CVE-2023-0241: pgAdmin 4 vulnerable to directory traversal
    from 0, < 6.19
  • MEDIUM 6.5 CVE-2022-0959: pgAdmin 4 Path Traversal vulnerability
    from 0, < 6.7
  • MEDIUM 6.1 CVE-2023-22298: pgAdmin 4 Open Redirect vulnerability
    from 0, < 6.14
  • MEDIUM 6.0 CVE-2023-5002: pgAdmin failed to properly control the server code
    from 0, < 7.7
  • MEDIUM 4.8 CVE-2026-7814: pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
    from 0, < 9.15