Package impact
Go / github.com/jackc/pgx
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41889 | critical | 9.8 | 9.8 | | | | 20d ago | pgx: SQL Injection via placeholder confusion with dollar quoted string literals |
| CVE-2024-27304 | critical | 9.8 | 9.8 | | | | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message si… |
| CVE-2024-27289 | high | 8.1 | 8.1 | | | | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder fo… |