pgadmin 4

22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-1707
Affected versions: all versions
Severity: 7.4 HIGH
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in se

CVE-2025-13780
Affected versions: <= 9.10
Severity: 9.1 CRITICAL
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode an

CVE-2025-12765
Affected versions: < 9.10
Severity: 7.5 HIGH
pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verificatio

CVE-2025-12764
Affected versions: < 9.10
Severity: 7.5 HIGH
pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject

CVE-2025-12763
Affected versions: < 9.10
Severity: 6.8 MEDIUM
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use

CVE-2025-12762
Affected versions: < 9.10
Severity: 9.1 CRITICAL
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and

CVE-2025-9636
Affected versions: <= 9.7
Severity: 7.9 HIGH
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipu

CVE-2025-2946
Affected versions: <= 9.1
Severity: 9.1 CRITICAL
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting (XSS). If attackers execute any arbitrary HTML/Ja

CVE-2025-2945
Affected versions: < 9.2
Severity: 9.9 CRITICAL
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associ

CVE-2023-1907
Affected versions: < 7.0
Severity: 8.0 HIGH
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached

CVE-2025-0218
Affected versions: < 4.2.3
Severity: 5.5 MEDIUM
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent pr

CVE-2024-9014
Affected versions: < 8.12
Severity: 9.9 CRITICAL
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacke

CVE-2024-6238
Affected versions: < 8.9
Severity: 7.4 HIGH
pgAdmin <= 8.8 has an installation directory permission issue. Because of this issue, attackers can gain unauthorised access to

CVE-2024-4216
Affected versions: < 8.6
Severity: 7.4 HIGH
pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers

CVE-2024-4215
Affected versions: < 8.6
Severity: 7.4 HIGH
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowl

CVE-2024-3116
Affected versions: <= 8.4
Severity: 7.4 HIGH
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerabilit

CVE-2024-2044
Affected versions: < 8.4
Severity: 9.9 CRITICAL
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users' sessions in the session handling code. I

CVE-2023-5002
Affected versions: < 7.7
Severity: 6.0 MEDIUM
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external Post

CVE-2023-0241
Affected versions: < 6.19
Severity: 6.5 MEDIUM
pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's se

CVE-2023-22298
Affected versions: >= 4.0 and < 6.14
Severity: 6.1 MEDIUM
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an

CVE-2022-4223
Affected versions: < 6.17
Severity: 8.8 HIGH
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL uti

CVE-2022-0959
Affected versions: < 6.7
Severity: 6.5 MEDIUM
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cooki