Vulnerabilities in pgadmin.org

30 results
CVE-2024-2044 | CRITICAL | Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4 | EPSS 79.3%
CVE-2024-3116 | HIGH | Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4 | EPSS 64.8%
CVE-2025-2945 | CRITICAL | pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment | EPSS 38.4%
CVE-2025-12762 | CRITICAL | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) | EPSS 12.0%
CVE-2024-9014 | CRITICAL | OAuth2 client id and secret exposed through the web browser in pgAdmin 4 | EPSS 9.7%
CVE-2026-7816 | HIGH | pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout | EPSS 1.4%
CVE-2025-13780 | CRITICAL | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) | EPSS 0.9%
CVE-2025-12763 | MEDIUM | Command injection vulnerability allowing arbitrary command execution on Windows | EPSS 0.7%
CVE-2026-12046 | CRITICAL | pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution | EPSS 0.7%
CVE-2024-4215 | HIGH | The Multi Factor Authentication bypass vulnerability in pgAdmin 4 | EPSS 0.6%
CVE-2026-12044 | HIGH | pgAdmin 4: SQL injection in COMMENT ON ... IS '<description>' rendering across dialog templates | EPSS 0.5%
CVE-2026-12045 | CRITICAL | pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution | EPSS 0.5%
CVE-2024-4216 | HIGH | XSS vulnerability in /settings/store API response json payload in pgAdmin 4 | EPSS 0.5%
CVE-2026-7815 | HIGH | pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution | EPSS 0.5%
CVE-2026-7813 | CRITICAL | pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode | EPSS 0.5%
CVE-2026-1707 | HIGH | Restore restriction bypass via key disclosure vulnerability (pgAdmin 4) | EPSS 0.4%
CVE-2026-7819 | HIGH | pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write | EPSS 0.4%
CVE-2025-12764 | HIGH | pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow. | EPSS 0.4%
CVE-2026-12048 | CRITICAL | pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser | EPSS 0.3%
CVE-2025-2946 | CRITICAL | Cross-Site Vulnerability(XSS) due to arbitrary HTML/JavaScript gets executed while query result rendering in Query Tool and View/Edit Data Tool of pgAdmin 4 | EPSS 0.3%