Software Detail
PostgreSQL
Number of NVD: 165 (CRITICAL 7, HIGH 70, MEDIUM 81, LOW 7)
URL: https://www.postgresql.org/
Explanation: PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley.

Extracted from [https://www.postgresql.jp/document/11/html/intro-whatis.html]

From version 10 onwards, the integer part represents major versions and the decimal part represents minor updates.

Every year, a major version including new features is released.
Minor releases with bug and security fixes will be released at least once every three months, if necessary.
Unscheduled releases will be made for urgent security issues.
Support is provided for five years after the major version is released.
Tag
  • Commercial license available
  • Open source
  • PostgreSQL Licence

Add Information URL
No Type Name URL
1 https://www.postgresql.org/support/versioning/
2 https://wiki.postgresql.org/wiki/Main_Page
3 https://www.postgresql.jp/
4 https://www.postgresql.org/download/

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
1 PostgreSQL 16 16.11 Nov. 13, 2025 Sept. 14, 2023 Sept. 9, 2028 0 8 5 0
2 PostgreSQL 15 15.15 Nov. 13, 2025 Jan. 13, 2022 Nov. 11, 2027 0 11 7 1
3 PostgreSQL 14 14.20 Nov. 13, 2025 May 15, 2021 Nov. 12, 2026 0 13 8 1
4 PostgreSQL 13 13.23 Nov. 13, 2025 Sept. 24, 2020 Nov. 23, 2025 0 17 13 1
5 PostgreSQL 12 12.22 Nov. 21, 2024 Oct. 3, 2019 Nov. 14, 2024 0 20 14 1
6 PostgreSQL 11 11.22 Nov. 9, 2023 Oct. 18, 2018 Nov. 9, 2023 2 24 15 1
7 PostgreSQL 10 10.23 Nov. 10, 2022 Oct. 5, 2017 Nov. 10, 2022 3 26 12 0
8 PostgreSQL 9 9.6.24 Sept. 20, 2010 Oct. 8, 2015 6 44 40 0
9 PostgreSQL 8 8.0.9 Jan. 19, 2005 July 24, 2014 4 36 51 3
10 PostgreSQL 7 7.0.3 May 8, 2000 May 8, 2005 4 36 41 4
11 PostgreSQL 6 6.5.3 Jan. 29, 1997 June 9, 2004 4 26 23 2
12 PostgreSQL 1 1.09 Nov. 4, 1996 Jan. 1, 2000 4 26 25 1
13 PostgreSQL - - 4 22 17 1
NVD Vulnerability Information
No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date, Published date
1 CVSS3: 8.8; CVSS2: -; Level: HIGH; Attack Vector: Network
Title: SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti…
CWE: CWE-89 (SQL Injection)
CVE: CVE-2026-6638
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 16.0, 17.0, 18.0; less than: 16.14, 17.10, 18.4
Update date: 2026-05-18 23:14; Published date: 2026-05-14
2 CVSS3: 8.8; CVSS2: -; Level: HIGH; Attack Vector: Network
Title: Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if…
CWE: CWE-89 (SQL Injection), CWE-121 (Stack-based Buffer Overflow)
CVE: CVE-2026-6637
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 15.0, 16.0, 17.0, 18.0; less than: 14.23, 15.18, 16.14, 17.10, 18.4
Update date: 2026-05-19 00:05; Published date: 2026-05-14
3 CVSS3: 4.3; CVSS2: -; Level: MEDIUM; Attack Vector: Network
Title: Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain…
CWE: CWE-126 (Buffer Over-read)
CVE: CVE-2026-6575
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 18.0; less than: 18.4
Update date: 2026-05-19 00:04; Published date: 2026-05-14
4 CVSS3: 7.5; CVSS2: -; Level: HIGH; Attack Vector: Network
Title: Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disable…
CWE: CWE-674 (Uncontrolled Recursion)
CVE: CVE-2026-6479
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 15.0, 16.0, 17.0, 18.0; less than: 14.23, 15.18, 16.14, 17.10, 18.4
Update date: 2026-05-19 00:04; Published date: 2026-05-14
5 CVSS3: 6.5; CVSS2: -; Level: MEDIUM; Attack Vector: Network
Title: Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 …
CWE: CWE-385 (Covert Timing Channel)
CVE: CVE-2026-6478
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 15.0, 16.0, 17.0, 18.0; less than: 14.23, 15.18, 16.14, 17.10, 18.4
Update date: 2026-05-19 00:03; Published date: 2026-05-14
6 CVSS3: 8.8; CVSS2: -; Level: HIGH; Attack Vector: Network
Title: Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a cli…
CWE: CWE-242 (Use of Inherently Dangerous Function)
CVE: CVE-2026-6477
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 15.0, 16.0, 17.0, 18.0; less than: 14.23, 15.18, 16.14, 17.10, 18.4
Update date: 2026-05-19 00:03; Published date: 2026-05-14
7 CVSS3: 7.2; CVSS2: -; Level: HIGH; Attack Vector: Network
Title: SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next r…
CWE: CWE-89 (SQL Injection)
CVE: CVE-2026-6476
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 17.0, 18.0; less than: 17.10, 18.4
Update date: 2026-05-19 00:02; Published date: 2026-05-14
8 CVSS3: 8.8; CVSS2: -; Level: HIGH; Attack Vector: Network
Title: Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou…
CWE: CWE-61 (UNIX Symbolic Link (Symlink) Following)
CVE: CVE-2026-6475
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 15.0, 16.0, 17.0, 18.0; less than: 14.23, 15.18, 16.14, 17.10, 18.4
Update date: 2026-05-19 00:02; Published date: 2026-05-14
9 CVSS3: 4.3; CVSS2: -; Level: MEDIUM; Attack Vector: Network
Title: Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1…
CWE: CWE-134 (Use of Externally-Controlled Format String)
CVE: CVE-2026-6474
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 15.0, 16.0, 17.0, 18.0; less than: 14.23, 15.18, 16.14, 17.10, 18.4
Update date: 2026-05-19 00:00; Published date: 2026-05-14
10 CVSS3: 8.8; CVSS2: -; Level: HIGH; Attack Vector: Network
Title: Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code…
CWE: CWE-190 (Integer Overflow or Wraparound)
CVE: CVE-2026-6473
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*; or higher: 15.0, 16.0, 17.0, 18.0; less than: 14.23, 15.18, 16.14, 17.10, 18.4
Update date: 2026-05-18 23:59; Published date: 2026-05-14