HIGH8.8CVE-2026-6637PostgreSQL refint allows stack buffer overflow and SQL injection from 0, < 15.18-0+deb12u1
HIGH8.8CVE-2026-6477PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory from 0, < 15.18-0+deb12u1
HIGH8.8CVE-2026-6475PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice from 0, < 15.18-0+deb12u1
HIGH8.8PostgreSQL server undersizes allocations, via integer wraparound
from 0, < 15.18-0+deb12u1
HIGH8.8PostgreSQL missing validation of multibyte character length executes arbitrary code
from 0, < 15.16-0+deb12u1
HIGH8.8PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
from 0, < 15.16-0+deb12u1
HIGH8.8PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
from 0, < 15.16-0+deb12u1
HIGH8.8PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server
from 0, < 15.14-0+deb12u1
HIGH8.8PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
from 0, < 15.14-0+deb12u1
HIGH8.8PostgreSQL PL/Perl environment variable changes execute arbitrary code
from 0, < 15.9-0+deb12u1
HIGH8.8Postgresql: buffer overrun from integer overflow in array modification
from 0, < 15.5-0+deb12u1
HIGH8.8postgresql-13 - security update
from 0, < 15.5-0+deb12u1
HIGH8.8postgresql-13 - security update
from 0, < 15.5-0+deb12u1
HIGH8.1postgresql-13 - regression update
from 0, < 15.11-0+deb12u1
HIGH8.0postgresql-15 - security update
from 0, < 15.6-0+deb12u1
HIGH8.0postgresql-15 - security update
from 0, < 15.6-0+deb12u1
HIGH7.5PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
from 0, < 15.18-0+deb12u1
HIGH7.5postgresql-13 - security update
from 0, < 15.8-0+deb12u1
HIGH7.5postgresql-13 - security update
from 0, < 15.8-0+deb12u1
HIGH7.2postgresql-13 - security update
from 0, < 15.3-0+deb12u1
MEDIUM6.5PostgreSQL discloses MD5-hashed passwords via covert timing channel
from 0, < 15.18-0+deb12u1
MEDIUM5.9PostgreSQL libpq undersizes allocations, via integer wraparound
from 0, < 15.15-0+deb12u1
MEDIUM5.9postgresql-13 - security update
from 0, < 15.13-0+deb12u1
MEDIUM5.4PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
from 0, < 15.18-0+deb12u1
MEDIUM5.4postgresql-15 - security update
from 0, < 15.9-0+deb12u1
MEDIUM5.4postgresql-15 - security update
from 0, < 15.9-0+deb12u1
MEDIUM5.4Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases w…
from 0, < 15.3-0+deb12u1
MEDIUM4.4Postgresql: role pg_signal_backend can signal certain superuser processes.
from 0, < 15.5-0+deb12u1
MEDIUM4.3PostgreSQL timeofday() can disclose portions of server memory
from 0, < 15.18-0+deb12u1
MEDIUM4.3postgresql-17 - security update
from 0, < 15.16-0+deb12u1
MEDIUM4.3postgresql-17 - security update
from 0, < 15.16-0+deb12u1
MEDIUM4.3PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
from 0, < 15.7-0+deb12u1
MEDIUM4.3postgresql-11 - security update
from 0, < 15.5-0+deb12u1
MEDIUM4.3Postgresql: merge fails to enforce update or select row security policies
from 0, < 15.5-0+deb12u1
MEDIUM4.2PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
from 0, < 15.9-0+deb12u1
LOW3.7PostgreSQL libpq retains an error message from man-in-the-middle
from 0, < 15.9-0+deb12u1
LOW3.7In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption.
from 0, < 15.2-1
LOW3.1postgresql-13 - security update
from 0, < 15.15-0+deb12u1
LOW3.1postgresql-13 - security update
from 0, < 15.14-0+deb12u1