Pgadmin.org Pgadmin 4
23 CVEs affecting Pgadmin.org Pgadmin 4. Latest disclosed: 2026-05-11. Critical: 7, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-7813 | Critical | 9.9 | 2026-05-11 | Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple en… |
| CVE-2025-2945 | Critical | 9.9 | 2025-04-03 | Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoint… |
| CVE-2024-9014 | Critical | 9.9 | 2024-09-23 | pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the c… |
| CVE-2024-2044 | Critical | 9.9 | 2024-03-07 | pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Wind… |
| CVE-2025-13780 | Critical | 9.1 | 2025-12-11 | pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PL… |
| CVE-2025-12762 | Critical | 9.1 | 2025-11-13 | pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLA… |
| CVE-2025-2946 | Critical | 9.1 | 2025-04-03 | pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting (XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser t… |
| CVE-2026-7816 | High | 8.8 | 2026-05-11 | OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacomma… |
| CVE-2026-7815 | High | 8.8 | 2026-05-11 | SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_… |
| CVE-2026-7819 | High | 8.1 | 2026-05-11 | Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolv… |
| CVE-2025-9636 | High | 7.9 | 2025-09-04 | pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potential… |
| CVE-2025-12765 | High | 7.5 | 2025-11-13 | pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification. |
| CVE-2025-12764 | High | 7.5 | 2025-11-13 | pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the… |
| CVE-2026-1707 | High | 7.4 | 2026-02-05 | pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing rest… |
| CVE-2024-6238 | High | 7.4 | 2024-06-25 | pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on t… |
| CVE-2024-4216 | High | 7.4 | 2024-05-02 | pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script a… |
| CVE-2024-4215 | High | 7.4 | 2024-05-02 | pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’… |
| CVE-2024-3116 | High | 7.4 | 2024-04-04 | pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute… |
| CVE-2026-7818 | High | 7.0 | 2026-05-11 | Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file conten… |
| CVE-2025-12763 | Medium | 6.8 | 2025-11-13 | pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup… |