Software Detail
PostgreSQL. Number of NVD entries: 154 (CRITICAL 7, HIGH 63, MEDIUM 77, LOW 7)
URL: https://www.postgresql.org/
Explanation: PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley.

Extracted from [https://www.postgresql.jp/document/11/html/intro-whatis.html]

From version 10 onwards, the integer part represents major versions and the decimal part represents minor updates.

Every year, a major version including new features is released.
Minor releases with bug and security fixes are released at least once every three months, if necessary.
Unscheduled releases will be made for urgent security issues.
Support is provided for five years after the major version is released.
Tag
  • Open source
  • PostgreSQL Licence
  • Commercial license available

Add Information URL
No Type Name URL
1 https://www.postgresql.org/support/versioning/
2 https://wiki.postgresql.org/wiki/Main_Page
3 https://www.postgresql.jp/
4 https://www.postgresql.org/download/

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
21 PostgreSQL 16 16.11 Nov. 13, 2025 Sept. 14, 2023 Sept. 9, 2028 0 2 2 0
22 PostgreSQL 15 15.15 Nov. 13, 2025 Jan. 13, 2022 Nov. 11, 2027 0 6 4 1
23 PostgreSQL 14 14.20 Nov. 13, 2025 May 15, 2021 Nov. 12, 2026 0 8 5 1
24 PostgreSQL 13 13.23 Nov. 13, 2025 Sept. 24, 2020 Nov. 23, 2025 0 12 10 1
25 PostgreSQL 12 12.22 Nov. 21, 2024 Oct. 3, 2019 Nov. 14, 2024 0 15 11 1
26 PostgreSQL 11 11.22 Nov. 9, 2023 Oct. 18, 2018 Nov. 9, 2023 2 19 12 1
27 PostgreSQL 10 10.23 Nov. 10, 2022 Oct. 5, 2017 Nov. 10, 2022 3 21 9 0
28 PostgreSQL 9 9.6.24 Sept. 20, 2010 Oct. 8, 2015 6 39 37 0
29 PostgreSQL 8 8.0.9 Jan. 19, 2005 July 24, 2014 4 31 48 3
30 PostgreSQL 7 7.0.3 May 8, 2000 May 8, 2005 4 31 38 4
31 PostgreSQL 6 6.5.3 Jan. 29, 1997 June 9, 2004 4 21 20 2
32 PostgreSQL 1 1.09 Nov. 4, 1996 Jan. 1, 2000 4 21 22 1
33 PostgreSQL - - 4 17 14 1
NVD Vulnerability Information
Columns: No, CVSS3 / CVSS2 / Level / Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date / Published date
21 CVE-2021-3393
CVSS3: 4.3, CVSS2: 3.5, Level: MEDIUM, Attack Vector: Network
Title: An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft qu…
CWE: -
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 13.0, 12.0
less than: 13.2, 12.6, 11.11
Update date: 2024-11-21 15:21
Published date: 2021-04-1
22 CVE-2019-10128
CVSS3: 7.8, CVSS2: 4.1, Level: HIGH, Attack Vector: Local
Title: A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the …
CWE: -
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 9.5.0, 9.6.0, 10.0, 11.0
less than: 9.4.22, 9.5.17, 9.6.13, 10.8, 11.3
Update date: 2024-11-21 13:18
Published date: 2021-03-20
23 CVE-2019-10127
CVSS3: 8.8, CVSS2: 4.3, Level: HIGH, Attack Vector: Local
Title: A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of…
CWE: -
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 9.5.0, 9.6.0, 10.0, 11.0
less than: 9.4.22, 9.5.17, 9.6.13, 10.8, 11.3
Update date: 2024-11-21 13:18
Published date: 2021-03-20
24 CVE-2021-20229
CVSS3: 4.3, CVSS2: 4.0, Level: MEDIUM, Attack Vector: Network
Title: A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat …
CWE: -
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 13.0
less than: 13.2
Update date: 2024-11-21 14:46
Published date: 2021-02-24
25 CVE-2020-25696
CVSS3: 7.5, CVSS2: 7.6, Level: HIGH, Attack Vector: Network
Title: A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses …
CWE: -
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 9.6.0, 10.0, 11.0, 12.0, 13.0, 9.5.0
less than: 9.6.20, 10.15, 11.10, 12.5, 13.1, 9.5.24
Update date: 2024-11-21 14:18
Published date: 2020-11-24
26 CVE-2020-25695
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at leas…
CWE: -
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 9.6.0, 10.0, 11.0, 12.0, 13.0
less than: 9.5.24, 9.6.20, 10.15, 11.10, 12.5, 13.1
Update date: 2024-11-21 14:18
Published date: 2020-11-16
27 CVE-2020-25694
CVSS3: 8.1, CVSS2: 6.8, Level: HIGH, Attack Vector: Network
Title: A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections onl…
CWE: -
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 9.6.0, 10.0, 11.0, 12.0, 13.0
less than: 9.5.24, 9.6.20, 10.15, 11.10, 12.5, 13.1
Update date: 2024-11-21 14:18
Published date: 2020-11-16
28 CVE-2020-10733
CVSS3: 7.3, CVSS2: 4.4, Level: HIGH, Attack Vector: Local
Title: The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working…
CWE: CWE-426 Untrusted Search Path
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 9.6, 11.0, 10.0, 12.0, 9.5
less than: 9.6.18, 11.8, 10.13, 12.3, 9.5.22
Update date: 2024-11-21 13:55
Published date: 2020-09-17
29 CVE-2020-14350
CVSS3: 7.3, CVSS2: 4.4, Level: HIGH, Attack Vector: Local
Title: It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into exe…
CWE: CWE-426 Untrusted Search Path
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 10.0, 11.0, 12.0, 9.5, 9.6
less than: 10.14, 11.9, 12.4, 9.5.23, 9.6.19
Update date: 2024-11-21 14:03
Published date: 2020-08-24
30 CVE-2020-14349
CVSS3: 7.1, CVSS2: 4.6, Level: HIGH, Attack Vector: Network
Title: It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in …
CWE: CWE-89 SQL Injection; CWE-427 Uncontrolled Search Path Element
cpe23Uri: cpe:2.3:a:postgresql:postgresql:*:*
or higher: 10.0, 11.0, 12.0
less than: 10.14, 11.9, 12.4
Update date: 2024-11-21 14:03
Published date: 2020-08-24