SecAlerts
CVE ListPricingSign Up
PostgreSQL logo

PostgreSQL

Security Risk Profile

52
/100
medium

Security Risk Score

Comprehensive risk assessment based on 261 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 2, 1999 to present

261
Total CVEs
121
Critical+High
4
Exploited
46
Unpatched

Threat Assessment

Avg CVSS
6.6
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
46
Critical/High
Risk Level
52/100
medium
⚠️ 4 Active Exploits 4 Zero-Days🆕 1Fresh (<7d)📈 2 in Last 30 Days

Severity Distribution

Critical
22
High
99
Medium
105
Low
13

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
13

Age Distribution

Common Weaknesses (CWE)

1
Buffer Overflow
35
2
SQL Injection
27
3
Infoleak
15
4
Integer Overflow
11
5
Input Validation
11

Most Affected Products

1. PostgreSQL postgresql3910
2. redhat/postgresql201
3. PHP PHP108
4. Canonical Ubuntu Linux77
5. Debian Debian Linux67

Recent Vulnerabilities

See more →
https://reddit.com/r/netsec/comments/1tp6dz0/a_week_after_dutch_fiod_seized_800_servers_the/
unknown

A week after Dutch FIOD seized 800+ servers, the hosting network's ASN (AS209847) is still scanning at its normal daily rate

5/27/2026🔧 No Patch
CVE-2026-6637
CVSS 8.8high

PostgreSQL refint allows stack buffer overflow and SQL injection

5/14/2026
CVE-2026-6638
CVSS 8.8high

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

5/14/2026
CVE-2026-6575
CVSS 4.3medium

PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array

5/14/2026
CVE-2026-6479
CVSS 7.5high

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

5/14/2026
CVE-2026-6478
CVSS 6.5medium

PostgreSQL discloses MD5-hashed passwords via covert timing channel

5/14/2026
CVE-2026-6477
CVSS 8.8high

PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

5/14/2026
CVE-2026-6476
CVSS 7.2high

PostgreSQL pg_createsubscriber allows SQL injection via subscription name

5/14/2026
CVE-2026-6475
CVSS 8.8high

PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

5/14/2026
CVE-2026-6474
CVSS 4.3medium

PostgreSQL timeofday() can disclose portions of server memory

5/14/2026

Monitor PostgreSQL in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

PostgreSQL Security Vulnerabilities & Risk Score | 261 CVEs | SecAlerts - SecAlerts