pkg:Debian/pgbouncer

13 total CVEsCRITICAL2HIGH9MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-6665PgBouncer buffer overflow in SCRAM
    from 0
  • CRITICAL9.8CVE-2025-2291PgBouncer default auth_query does not take Postgres password expiry into account
    from 0, < 1.15.0-1+deb11u1
  • HIGH8.1CVE-2025-12819Untrusted search path in auth_query connection in PgBouncer
    from 0, < 1.15.0-1+deb11u2
  • HIGH8.1CVE-2025-12819Untrusted search path in auth_query connection in PgBouncer
    from 0, < 1.15.0-1+deb11u2
  • HIGH8.1CVE-2021-3935pgbouncer - security update
    from 0, < 1.7.2-2+deb9u1
  • HIGH8.1CVE-2021-3935pgbouncer - security update
    from 0, < 1.15.0-1+deb11u1
  • HIGH8.1CVE-2021-3935pgbouncer - security update
    from 0, < 1.15.0-1+deb11u1
  • HIGH8.1CVE-2015-6817PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown user…
    from 0, < 1.6.1-1
  • HIGH7.5CVE-2026-6666PgBouncer crash in kill_pool_logins_server_error
    from 0
  • HIGH7.5CVE-2026-6664PgBouncer integer overflow in PgBouncer network packet parsing
    from 0
  • HIGH7.5CVE-2015-4054PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password pack…
    from 0, < 1.5.5-1
  • MEDIUM4.3CVE-2026-6667PgBouncer missing authorization check in KILL_CLIENT admin command
    from 0
  • CVE-2012-4575The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (d…
    from 0, < 1.5.2-4