Pgadmin Pgadmin

  1. Vendors
  2. Pgadmin

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Pgadmin product.

RSS Feeds for Pgadmin security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Pgadmin products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Pgadmin Sorted by Most Security Vulnerabilities since 2018

Pgadmin13 vulnerabilities

Pgadmin 47 vulnerabilities

Pgadmin Pgagent1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Pgadmin. Last year, in 2025 Pgadmin had 8 security vulnerabilities published. Right now, Pgadmin is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 8 7.49
2024 4 9.80
2023 3 7.13
2022 2 7.65

It may take a day or so for new Pgadmin vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Pgadmin Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-12764 Nov 13, 2025
pgAdmin LDAP Injection (<=9.9) Enables DOS via User Input pgAdmin <= 9.9  is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.
Pgadmin
CVE-2025-12765 Nov 13, 2025
LDAP Auth Bypass TLS Cert Verify in pgAdmin <= 9.9 pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.
Pgadmin
CVE-2025-12763 Nov 13, 2025
pgAdmin 4 <=9.9 CMD injection via shell=True in backup/restore CVE-2025-12763 pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.
Pgadmin
CVE-2025-12762 Nov 13, 2025
pgAdmin RCE via ServerMode Restore up to v9.9 pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
Pgadmin
CVE-2025-2945 Apr 03, 2025
CVE-2025-2945 RCE via eval() in pgAdmin 4 Query Tool & Cloud Deploy (<9.2) Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.
Pgadmin
CVE-2025-2946 Apr 03, 2025
pgAdmin <=9.1 XSS via Query Result Rendering pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.
Pgadmin 4
CVE-2023-1907 Jan 09, 2025
Session Hijack via LDAP Auth in pgAdmin Server Mode A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
Pgadmin
CVE-2025-0218 Jan 07, 2025
pgAgent <4.2.3 Local DoS via Temp Dir RNG When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.
Pgagent
CVE-2024-9014 Sep 23, 2024
pgAdmin OAuth2 flaw: pre8.11 client ID/secret leak pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
Pgadmin
CVE-2024-4215 May 02, 2024
pgAdmin <=8.5 MFA Bypass (Unenrolled Accounts Authenticated) pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate accounts username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the accounts MFA enrollment status.
Pgadmin
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.