| 2022-03-04 | CVE-2021-23214 | When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |
| 2021-04-01 | CVE-2021-3393 | An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. | 4.3 |
| 2021-03-19 | CVE-2019-10128 | Unspecified vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3. | 7.8 |
| 2021-03-19 | CVE-2019-10127 | Unspecified vulnerability in Postgresql
A vulnerability was found in postgresql versions 11.x prior to 11.3. | 8.8 |
| 2020-11-23 | CVE-2020-25696 | A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 7.5 |
| 2020-11-16 | CVE-2020-25695 | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.8 |
| 2020-11-16 | CVE-2020-25694 | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. | 8.1 |
| 2020-09-16 | CVE-2020-10733 | Untrusted Search Path vulnerability in Postgresql
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. | 7.3 |
| 2020-08-24 | CVE-2020-14350 | Untrusted Search Path vulnerability in multiple products
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. | 7.3 |
| 2019-10-29 | CVE-2019-10211 | Unspecified vulnerability in Postgresql
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | 9.8 |