pkg:Debian/postgresql-18

18 total CVEsHIGH11MEDIUM6LOW1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2026-6638PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
    from 0, < 18.4-1
  • HIGH8.8CVE-2026-6637PostgreSQL refint allows stack buffer overflow and SQL injection
    from 0, < 18.4-1
  • HIGH8.8CVE-2026-6477PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
    from 0, < 18.4-1
  • HIGH8.8CVE-2026-6475PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
    from 0, < 18.4-1
  • HIGH8.8CVE-2026-6473PostgreSQL server undersizes allocations, via integer wraparound
    from 0, < 18.4-1
  • HIGH8.8CVE-2026-2006PostgreSQL missing validation of multibyte character length executes arbitrary code
    from 0, < 18.2-1
  • HIGH8.8CVE-2026-2005PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
    from 0, < 18.2-1
  • HIGH8.8CVE-2026-2004PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
    from 0, < 18.2-1
  • HIGH8.2CVE-2026-2007PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
    from 0, < 18.2-1
  • HIGH7.5CVE-2026-6479PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
    from 0, < 18.4-1
  • HIGH7.2CVE-2026-6476PostgreSQL pg_createsubscriber allows SQL injection via subscription name
    from 0, < 18.4-1
  • MEDIUM6.5CVE-2026-6478PostgreSQL discloses MD5-hashed passwords via covert timing channel
    from 0, < 18.4-1
  • MEDIUM5.9CVE-2025-12818PostgreSQL libpq undersizes allocations, via integer wraparound
    from 0, < 18.1-1
  • MEDIUM5.4CVE-2026-6472PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
    from 0, < 18.4-1
  • MEDIUM4.3CVE-2026-6575PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array
    from 0, < 18.4-1
  • MEDIUM4.3CVE-2026-6474PostgreSQL timeofday() can disclose portions of server memory
    from 0, < 18.4-1
  • MEDIUM4.3CVE-2026-2003postgresql-17 - security update
    from 0, < 18.2-1
  • LOW3.1CVE-2025-12817PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
    from 0, < 18.1-1
Debian/postgresql-18 — 18 CVEs · VulnScope