Home/Product/pgadmin 4
Product

pgadmin 4

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-1707
all versions
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in se
7.4HIGH
 CVE-2025-13780
<= 9.10
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode an
9.1CRITICAL
 CVE-2025-12765
< 9.10
pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verificatio
7.5HIGH
 CVE-2025-12764
< 9.10
pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject
7.5HIGH
 CVE-2025-12763
< 9.10
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use
6.8MEDIUM
 CVE-2025-12762
< 9.10
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and
9.1CRITICAL
 CVE-2025-9636
<= 9.7
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipu
7.9HIGH
 CVE-2025-2946
<= 9.1
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/Ja
9.1CRITICAL
 CVE-2025-2945
< 9.2
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associ
9.9CRITICAL
 CVE-2024-9014
< 8.12
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacke
9.9CRITICAL
 CVE-2024-6238
< 8.9
pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to
7.4HIGH
 CVE-2024-4216
< 8.6
pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers
7.4HIGH
 CVE-2024-4215
< 8.6
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowl
7.4HIGH
 CVE-2024-3116
<= 8.4
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerabilit
7.4HIGH
 CVE-2024-2044
< 8.4
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. I
9.9CRITICAL
 CVE-2023-5002
< 7.7
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external Post
6.0MEDIUM
 CVE-2023-0241
< 6.19
pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's se
6.5MEDIUM
 CVE-2023-22298
>= 4.0 and < 6.14
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an
6.1MEDIUM
 CVE-2022-4223
< 6.17
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL uti
8.8HIGH
 CVE-2022-0959
< 6.7
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cooki
6.5MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin