CRITICAL 9.9 CVE-2026-7813 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules
from 0, < 9.15
CRITICAL 9.9 CVE-2025-2945 pgAdmin 4 Vulnerable to Remote Code Execution
from 0, < 9.2
CRITICAL 9.9 CVE-2024-2044 pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
from 0, < 8.4
CRITICAL 9.1 pgadmin4 has a Meta-Command Filter Command Execution
from 0, < 9.11
CRITICAL 9.1 pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
from 0, < 9.10
CRITICAL 9.1 pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
from 0, < 9.2
HIGH 8.8 SQL injection vulnerability in pgAdmin 4 Maintenance Tool
from 0, < 9.15
HIGH 8.8 pgAdmin 4: OS command injection vulnerability in Import/Export query export
from 0, < 9.15
HIGH 8.8 pgadmin4 vulnerable to Code Injection
from 0, < 6.17
HIGH 8.6 OAuth2 client ID and secret exposed through the web browser
from 0, < 8.12
HIGH 8.1 pgAdmin 4 File Manager has symbolic-link path traversal
from 0, < 9.15
HIGH 8.0 pgAdmin has Incorrect Default Permissions
from 0, < 7.0
HIGH 7.9 pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
from 0, < 9.8
HIGH 7.5 pgAdmin is affected by an LDAP injection vulnerability
from 0, < 9.10
HIGH 7.5 pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
from 0, < 9.10
HIGH 7.4 pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
from 0, < 9.12
HIGH 7.4 pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
from 0, < 8.6
HIGH 7.4 pgAdmin is affected by a multi-factor authentication bypass vulnerability
from 0, < 8.6
HIGH 7.4 pgAdmin Remote Code Execution (RCE) vulnerability
from 0, < 8.5
HIGH 7.0 pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager
from 0, < 9.15
MEDIUM 6.8 pgAdmin 4 has command injection vulnerability on Windows systems
from 0, < 9.10
MEDIUM 6.5 pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
from 0, < 9.15
MEDIUM 6.5 pgAdmin 4: Improper restriction of excessive authentication attempts
from 0, < 9.15
MEDIUM 6.5 pgAdmin 4 vulnerable to directory traversal
from 0, < 6.19
MEDIUM 6.5 pgAdmin 4 Path Traversal vulnerability
from 0, < 6.7
MEDIUM 6.1 pgAdmin 4 Open Redirect vulnerability
from 0, < 6.14
MEDIUM 6.0 pgAdmin failed to properly control the server code
from 0, < 7.7
MEDIUM 4.8 pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
from 0, < 9.15