Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PostgreSQL Number Of NVD 154 CRITICAL 7 HIGH 63 MEDIUM 77 LOW 7
URL https://www.postgresql.org/
Explanation PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley.

Extracted from [https://www.postgresql.jp/document/11/html/intro-whatis.html]

From version 10 onwards, the integer part represents major versions and the decimal part represents minor updates.

Every year, a major version including new features is released.
Minor releases with bugs and security fixes will be released at least once every three months, if necessary.
Unscheduled releases will be made for urgent security issues.
Support is provided for five years after the major version is released.
Tag
  • 商用ライセンス有り
  • オープンソース
  • PostgreSQL Licence
Add Information URL
No Type Name URL
1 https://www.postgresql.org/support/versioning/
2 https://wiki.postgresql.org/wiki/Main_Page
3 https://www.postgresql.jp/
4 https://www.postgresql.org/download/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 PostgreSQL 16 16.11 Nov. 13, 2025 Sept. 14, 2023 Sept. 9, 2028 0 2 2 0
2 PostgreSQL 15 15.15 Nov. 13, 2025 Jan. 13, 2022 Nov. 11, 2027 0 6 4 1
3 PostgreSQL 14 14.20 Nov. 13, 2025 May 15, 2021 Nov. 12, 2026 0 8 5 1
4 PostgreSQL 13 13.23 Nov. 13, 2025 Sept. 24, 2020 Nov. 23, 2025 0 12 10 1
5 PostgreSQL 12 12.22 Nov. 21, 2024 Oct. 3, 2019 Nov. 14, 2024 0 15 11 1
6 PostgreSQL 11 11.22 Nov. 9, 2023 Oct. 18, 2018 Nov. 9, 2023 2 19 12 1
7 PostgreSQL 10 10.23 Nov. 10, 2022 Oct. 5, 2017 Nov. 10, 2022 3 21 9 0
8 PostgreSQL 9 9.6.24 Sept. 20, 2010 Oct. 8, 2015 6 39 37 0
9 PostgreSQL 8 8.0.9 Jan. 19, 2005 July 24, 2014 4 31 48 3
10 PostgreSQL 7 7.0.3 May 8, 2000 May 8, 2005 4 31 38 4
11 PostgreSQL 6 6.5.3 Jan. 29, 1997 June 9, 2004 4 21 20 2
12 PostgreSQL 1 1.09 Nov. 4, 1996 Jan. 1, 2000 4 21 22 1
13 PostgreSQL - - 4 17 14 1
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 7.5
- 		HIGH
Network 		Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The att… CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2024-7348 cpe:2.3:a:postgresql:postgresql:*:* 16.0
15.0
14.0
13.0
12.0







16.4
15.8
14.13
13.16
12.20 		2024-11-21 18:51
2024-08-8 		Show GitHub Exploit DB Packet Storm
2 8.0
- 		HIGH
Network 		Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions… NVD-CWE-noinfo
CVE-2024-0985 cpe:2.3:a:postgresql:postgresql:*:* 15.0
14.0
13.0
12.0





15.6
14.11
13.14
12.18 		2024-11-21 17:47
2024-02-8 		Show GitHub Exploit DB Packet Storm
3 4.3
- 		MEDIUM
Network 		A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handli… NVD-CWE-noinfo
CVE-2023-5868 cpe:2.3:a:postgresql:postgresql:16.0:*
cpe:2.3:a:postgresql:postgresql:*:* 		15.0
14.0
13.0
12.0
11.0







15.5
14.10
13.13
12.17
11.22 		2024-11-21 17:42
2023-12-11 		Show GitHub Exploit DB Packet Storm
4 4.4
- 		MEDIUM
Network 		A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Succe… NVD-CWE-noinfo
CVE-2023-5870 cpe:2.3:a:postgresql:postgresql:16.0:*
cpe:2.3:a:postgresql:postgresql:*:* 		15.0
14.0
13.0
12.0
11.0







15.5
14.10
13.13
12.17
11.22 		2024-11-21 17:42
2023-12-11 		Show GitHub Exploit DB Packet Storm
5 8.8
- 		HIGH
Network 		A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an inte… CWE-190
 Integer Overflow or Wraparound 		CVE-2023-5869 cpe:2.3:a:postgresql:postgresql:16.0:*
cpe:2.3:a:postgresql:postgresql:*:* 		15.0
14.0
13.0
12.0
11.0







15.5
14.10
13.13
12.17
11.22 		2024-11-21 17:42
2023-12-11 		Show GitHub Exploit DB Packet Storm
6 4.4
- 		MEDIUM
Local 		An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot sen… CWE-120
Classic Buffer Overflow 		CVE-2020-21469 cpe:2.3:a:postgresql:postgresql:12.2:* 2024-11-21 14:12
2023-08-23 		Show GitHub Exploit DB Packet Storm
7 4.3
- 		MEDIUM
Network 		A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forb… NVD-CWE-noinfo
CVE-2023-39418 cpe:2.3:a:postgresql:postgresql:*:* 15.0 15.4 2024-11-21 17:15
2023-08-11 		Show GitHub Exploit DB Packet Storm
8 8.8
- 		HIGH
Network 		IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an adm… CWE-89
SQL Injection 		CVE-2023-39417 cpe:2.3:a:postgresql:postgresql:*:* 11.0
15.0
14.0
13.0
12.0







11.21
15.4
14.9
13.12
12.16 		2024-11-21 17:15
2023-08-11 		Show GitHub Exploit DB Packet Storm
9 7.2
- 		HIGH
Network 		schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitr… NVD-CWE-noinfo
CVE-2023-2454 cpe:2.3:a:postgresql:postgresql:*:* 15.0
14.0
13.0
12.0
11.0







15.3
14.8
13.11
12.15
11.20 		2024-11-21 16:58
2023-06-10 		Show GitHub Exploit DB Packet Storm
10 5.4
- 		MEDIUM
Network 		Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is pl… NVD-CWE-noinfo
CVE-2023-2455 cpe:2.3:a:postgresql:postgresql:*:* 15.0
14.0
13.0
12.0
11.0







15.3
14.8
13.11
12.15
11.20 		2024-11-21 16:58
2023-06-10 		Show GitHub Exploit DB Packet Storm