Search for packages
| purl | pkg:npm/pg@2.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-yrg7-471n-d3fg
Aliases: CVE-2017-16082 |
Code Injection A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:37:48.566639+00:00 | GitLab Importer | Affected by | VCID-yrg7-471n-d3fg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pg/CVE-2017-16082.yml | 38.6.0 |