Package impact
Go / github.com/jackc/pgproto3/v2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-27304 | critical | 9.8 | 9.8 | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message si… | |
| CVE-2026-4427 | unknown | — | — | 2mo ago | Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode | |
| CVE-2026-32286 | unknown | — | — | 2mo ago | The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out … |