| CVE-2026-7813 |
critical |
9.9 |
9.9 |
16d ago |
pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules |
|
| CVE-2026-7816 |
high |
8.8 |
8.8 |
16d ago |
pgAdmin 4: OS command injection vulnerability in Import/Export query export |
|
| CVE-2026-7815 |
high |
8.8 |
8.8 |
16d ago |
SQL injection vulnerability in pgAdmin 4 Maintenance Tool |
|
| CVE-2026-7819 |
high |
8.1 |
8.1 |
16d ago |
pgAdmin 4 File Manager has symbolic-link path traversal |
|
| CVE-2026-7818 |
high |
7.8 |
7.8 |
16d ago |
pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager |
|
| CVE-2026-7820 |
medium |
6.5 |
6.5 |
16d ago |
pgAdmin 4: Improper restriction of excessive authentication attempts |
|
| CVE-2026-7817 |
medium |
6.5 |
6.5 |
16d ago |
pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities |
|
| CVE-2026-7814 |
medium |
4.8 |
4.8 |
16d ago |
pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules |
|
| CVE-2024-3116 |
unknown |
— |
1.0 |
2y ago |
pgAdmin Remote Code Execution (RCE) vulnerability |
|
| CVE-2026-1707 |
unknown |
— |
— |
4mo ago |
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability |
|
| CVE-2025-13780 |
unknown |
— |
— |
6mo ago |
pgadmin4 has a Meta-Command Filter Command Execution |
|
| CVE-2025-12765 |
unknown |
— |
— |
7mo ago |
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification |
|
| CVE-2025-12762 |
unknown |
— |
— |
7mo ago |
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode |
|
| CVE-2025-12763 |
unknown |
— |
— |
7mo ago |
pgAdmin 4 has command injection vulnerability on Windows systems |
|
| CVE-2025-12764 |
unknown |
— |
— |
7mo ago |
pgAdmin is affected by an LDAP injection vulnerability |
|
| CVE-2025-9636 |
unknown |
— |
— |
9mo ago |
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability |
|
| CVE-2025-2945 |
unknown |
— |
— |
1y ago |
pgAdmin 4 Vulnerable to Remote Code Execution |
|
| CVE-2025-2946 |
unknown |
— |
— |
1y ago |
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering |
|
| CVE-2023-1907 |
unknown |
— |
— |
1y ago |
pgAdmin has Incorrect Default Permissions |
|
| CVE-2024-9014 |
unknown |
— |
— |
2y ago |
OAuth2 client ID and secret exposed through the web browser |
|
| CVE-2024-4216 |
unknown |
— |
— |
2y ago |
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload |
|
| CVE-2024-4215 |
unknown |
— |
— |
2y ago |
pgAdmin is affected by a multi-factor authentication bypass vulnerability |
|
| CVE-2024-2044 |
unknown |
— |
— |
2y ago |
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user |
|
| CVE-2023-5002 |
unknown |
— |
— |
3y ago |
pgAdmin failed to properly control the server code |
|
| CVE-2023-0241 |
unknown |
— |
— |
3y ago |
pgAdmin 4 vulnerable to directory traversal |
|
| CVE-2023-22298 |
unknown |
— |
— |
3y ago |
pgAdmin 4 Open Redirect vulnerability |
|
| CVE-2022-4223 |
unknown |
— |
— |
4y ago |
pgadmin4 vulnerable to Code Injection |
|
| CVE-2022-0959 |
unknown |
— |
— |
4y ago |
pgAdmin 4 Path Traversal vulnerability |
|