{"url":"http://public2.vulnerablecode.io/api/packages/563196?format=json","purl":"pkg:pypi/pgadmin4@5.2","type":"pypi","namespace":"","name":"pgadmin4","version":"5.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.12","latest_non_vulnerable_version":"9.15","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58076?format=json","vulnerability_id":"VCID-24rd-whza-j7e4","summary":"pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability\npgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9636","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11309","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11294","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11376","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11411","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11415","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"7.9","scori
ng_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/cdeb18fcbb139a200b5a4779c82f9cd1aaaf3c89","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/cdeb18fcbb139a200b5a4779c82f9cd1aaaf3c89"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/9114","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-04T17:12:04Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/9114"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9636","reference_id":"CVE-2025-9636","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9636"},{"reference_url":"https://github.com/advisories/GHSA-6859-2qxq-ffv2","reference_id":"GHSA-6859-2qxq-ffv2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6859-2qxq-ffv2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86436?format=json","purl":"pkg:pypi/pgadmin4@9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vul
nerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.8"}],"aliases":["CVE-2025-9636","GHSA-6859-2qxq-ffv2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24rd-whza-j7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57065?format=json","vulnerability_id":"VCID-24th-ucxb-xbhb","summary":"pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering\npgAdmin <= 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability. An attacker can cause arbitrary HTML/JavaScript to execute in a user's browser through query result rendering.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2946","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29588","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29485","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29517","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2955","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39835","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2946"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":""
,"reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/1305d9910beefd0d6b4c7eb4f111f86edb1d356b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/1305d9910beefd0d6b4c7eb4f111f86edb1d356b"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/8602","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T13:13:37Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/8602"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2946","reference_id":"CVE-2025-2946","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2946"},{"reference_url":"https://github.com/advisories/GHSA-2rrx-pphc-qfv9","reference_id":"GHSA-2rrx-pphc-qfv9","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rrx-pphc-qfv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84724?format=json","purl":"pkg:pypi/pgadmin4@9.2","is_vulnerable":true,"affected_by_vu
lnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.2"}],"aliases":["CVE-2025-2946","GHSA-2rrx-pphc-qfv9"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24th-ucxb-xbhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46077?format=json","vulnerability_id":"VCID-28q4-x522-9kgb","summary":"pgAdmin failed to properly control the server code\nA flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the 
server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5002","reference_id":"","reference_type":"","scores":[{"value":"0.2376","scoring_system":"epss","scoring_elements":"0.96113","published_at":"2026-06-08T12:55:00Z"},{"value":"0.2376","scoring_system":"epss","scoring_elements":"0.96118","published_at":"2026-06-09T12:55:00Z"},{"value":"0.2376","scoring_system":"epss","scoring_elements":"0.9611","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239164","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-14T16:28:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239164"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/35f05e49b3632a0a674b9b36535a7fe2d93dd0c2","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1
","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/35f05e49b3632a0a674b9b36535a7fe2d93dd0c2"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/6763","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-14T16:28:49Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/6763"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2
4D3S2GVNGTDNE6SF2OQSOPU3H72UW/","reference_id":"2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-14T16:28:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5002","reference_id":"CVE-2023-5002","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5002"},{"reference_url":"https://github.com/advisories/GHSA-ghp8-52vx-77j4","reference_id":"GHSA-ghp8-52vx-77j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghp8-52vx-77j4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/","reference_id":"VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-14T16:28:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67092?format=json","purl":"pkg:pypi/pgadmin4@7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-3ph5-j
vc2-kuh4"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-w5tc-7mtw-43gw"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@7.7"}],"aliases":["CVE-2023-5002","GHSA-ghp8-52vx-77j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28q4-x522-9kgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47227?format=json","vulnerability_id":"VCID-3ph5-jvc2-kuh4","summary":"pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user\npgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. 
If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them and gain code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2044","reference_id":"","reference_type":"","scores":[{"value":"0.83473","scoring_system":"epss","scoring_elements":"0.99296","published_at":"2026-06-09T12:55:00Z"},{"value":"0.83473","scoring_system":"epss","scoring_elements":"0.99295","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2044"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/4e49d752fba72953acceeb7f4aa2e6e32d25853d","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/4e49d752fba72953acceeb7f4aa2e6e32d25853d"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/7258","refer
ence_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-11T14:48:18Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/7258"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV"},{"reference_url":"https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2044","reference_id":"CVE-2024-2044","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C
/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2044"},{"reference_url":"https://github.com/advisories/GHSA-rj98-crf4-g69w","reference_id":"GHSA-rj98-crf4-g69w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj98-crf4-g69w"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/","reference_id":"LUYN2JXKKHFSVTASH344TBRGWDH64XQV","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-11T14:48:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/"},{"reference_url":"https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/","reference_id":"pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-11T14:48:18Z/"}],"url":"https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69281?format=json","purl":"pkg:pypi/pgadmin4@8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-3zgb-9h
ab-f7g1"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-w5tc-7mtw-43gw"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@8.4"}],"aliases":["CVE-2024-2044","GHSA-rj98-crf4-g69w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ph5-jvc2-kuh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55884?format=json","vulnerability_id":"VCID-3zgb-9hab-f7g1","summary":"OAuth2 client ID and secret exposed through the web browser\npgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user 
data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9014","reference_id":"","reference_type":"","scores":[{"value":"0.92879","scoring_system":"epss","scoring_elements":"0.99779","published_at":"2026-06-09T12:55:00Z"},{"value":"0.92879","scoring_system":"epss","scoring_elements":"0.99777","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9014"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/7945","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T19:13:55Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/7945"},{"reference_url":"https://www.pgadmin.org/docs/pgadmin4/8.12/release_notes_8_12.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements"
:""}],"url":"https://www.pgadmin.org/docs/pgadmin4/8.12/release_notes_8_12.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9014","reference_id":"CVE-2024-9014","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9014"},{"reference_url":"https://github.com/advisories/GHSA-jm9x-rx9x-wpqj","reference_id":"GHSA-jm9x-rx9x-wpqj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jm9x-rx9x-wpqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82777?format=json","purl":"pkg:pypi/pgadmin4@8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@8.12"}],"aliases":["CVE-2024-9014","GHSA-jm9x-rx9x-wpqj"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zgb-9hab-f7g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42730?format=json","vulnerability_id":"VCID-4tdq-uc6z-c3dd","summary":"Unrestricted Upload of File with Dangerous Type\nA malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to 
write.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0959","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67318","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67283","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67324","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67331","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67319","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67302","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0959"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063759","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063759"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/dccd4f0bbaafa783d9f0360
c7592b128d5cc3928","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/dccd4f0bbaafa783d9f0360c7592b128d5cc3928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0959","reference_id":"CVE-2022-0959","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0959"},{"reference_url":"https://github.com/advisories/GHSA-cr8c-972v-rmp3","reference_id":"GHSA-cr8c-972v-rmp3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr8c-972v-rmp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61023?format=json","purl":"pkg:pypi/pgadmin4@6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-28q4-x522-9kgb"},{"vulnerability":"VCID-3ph5-jvc2-kuh4"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-623q-pd2x-6udd"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-t3g3-sgdr-wkhh"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-w5tc-7mtw-43gw"},{"vulnerability":"VCID-xhys-bnsd-hya1"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-xytw-9xtt-7kaa"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pg
admin4@6.7"}],"aliases":["CVE-2022-0959","GHSA-cr8c-972v-rmp3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tdq-uc6z-c3dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56445?format=json","vulnerability_id":"VCID-623q-pd2x-6udd","summary":"pgAdmin has Incorrect Default Permissions\nA vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1907","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33318","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33355","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33339","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33284","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33237","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33306","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1907"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218384","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T14:51:42Z/"}],"u
rl":"https://bugzilla.redhat.com/show_bug.cgi?id=2218384"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/blob/a9974b418c49760d3989b7fb25e052ff16b89ac6/docs/en_US/release_notes_7_0.rst","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/blob/a9974b418c49760d3989b7fb25e052ff16b89ac6/docs/en_US/release_notes_7_0.rst"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/fa29ba91632634d961f937ce3ed2c3b5a9d78f59","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/fa29ba91632634d961f937ce3ed2c3b5a9d78f59"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/6100","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin
-org/pgadmin4/issues/6100"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-1907","reference_id":"CVE-2023-1907","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T14:51:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-1907"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1907","reference_id":"CVE-2023-1907","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1907"},{"reference_url":"https://github.com/advisories/GHSA-7w6r-748w-mh52","reference_id":"GHSA-7w6r-748w-mh52","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7w6r-748w-mh52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83706?format=json","purl":"pkg:pypi/pgadmin4@7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-28q4-x522-9kgb"},{"vulnerability":"VCID-3ph5-jvc2-kuh4"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-w5tc-7mtw-43gw"},{"vulnerability":"VCID-xw2s-8ukm-jf
bg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@7.0"}],"aliases":["CVE-2023-1907","GHSA-7w6r-748w-mh52"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-623q-pd2x-6udd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54720?format=json","vulnerability_id":"VCID-au2k-pbjz-e7fh","summary":"pgAdmin is affected by a multi-factor authentication bypass vulnerability\npgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4215","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08868","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08863","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08822","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08887","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08871","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4215"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"refer
ence_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/f4761f55f7cf6d56d6c5129f921393b0b47fd976","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/f4761f55f7cf6d56d6c5129f921393b0b47fd976"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/7425","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-02T20:13:31Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/7425"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scor
ing_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4215","reference_id":"CVE-2024-4215","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4215"},{"reference_url":"https://github.com/advisories/GHSA-2mvc-557g-5638","reference_id":"GHSA-2mvc-557g-5638","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mvc-557g-5638"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/","reference_id":"T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-02T20:13:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81152?format=json","purl":"pkg:pypi/pgadmin4@8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"
vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@8.6"}],"aliases":["CVE-2024-4215","GHSA-2mvc-557g-5638"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-au2k-pbjz-e7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48357?format=json","vulnerability_id":"VCID-b2sv-sdxc-7fdt","summary":"pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification\npgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12765","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09342","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09356","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10806","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12765"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"ht
tps://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/09d2b7eeb0e330df73b1aef0cba57788fde52b6b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/09d2b7eeb0e330df73b1aef0cba57788fde52b6b"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/9324","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T14:00:33Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/9324"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12765","reference_id":"CVE-2025-12765","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12765"},{"reference_url":"https://github.com/advisories/GHSA-g4r8-3qmh-pmch","reference_id":"GHSA-g4r8-3qmh-pmch","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4r8-3qmh-pmch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71381?format=json","purl":"pkg:pypi/pgadmin4@9.
10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.10"}],"aliases":["CVE-2025-12765","GHSA-g4r8-3qmh-pmch"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2sv-sdxc-7fdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57064?format=json","vulnerability_id":"VCID-c9wf-5gbe-zbcm","summary":"pgAdmin 4 Vulnerable to Remote Code Execution\nRemote Code Execution security vulnerability in pgAdmin 4  (Query Tool and Cloud Deployment modules).\n\nThe vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.\n\n\nThis issue affects pgAdmin 4: before 
9.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2945","reference_id":"","reference_type":"","scores":[{"value":"0.8249","scoring_system":"epss","scoring_elements":"0.99252","published_at":"2026-06-09T12:55:00Z"},{"value":"0.8249","scoring_system":"epss","scoring_elements":"0.99251","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/75be0bc22d3d8d7620711835db817bd7c021007c","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/75be0bc22d3d8d7620711835db817bd7c021007c"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/8603","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T03:55:26Z/"}],"url":"https://github.com/pgadmin-or
g/pgadmin4/issues/8603"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2945","reference_id":"CVE-2025-2945","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2945"},{"reference_url":"https://github.com/advisories/GHSA-g73c-fw68-pwx3","reference_id":"GHSA-g73c-fw68-pwx3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g73c-fw68-pwx3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84724?format=json","purl":"pkg:pypi/pgadmin4@9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.2"}],"aliases":["CVE-2025-2945","GHSA-g73c-fw68-pwx3"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9wf-5gbe-zbcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49417?format=json","vulnerability_id":"VCID-egxw-g33e-yyec","summary":"pgadmin4 has a Meta-Command Filter Command Execution\nThe PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark (EF BB BF) or other special byte sequences. The implemented filter uses the function `has_meta_commands()`, which scans raw bytes using a regular expression. 
The regex does not treat the bytes as ignorable, so meta-commands such as `\\\\!` remain undetected. When pgAdmin invokes psql with --file, psql strips the bytes and executes the command. This can result in remote command execution during a restore operation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13780","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3075","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30669","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30652","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30684","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30716","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_tex
tual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/d5a909f14cb9713d89b49481ad1929fad89f4576","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/d5a909f14cb9713d89b49481ad1929fad89f4576"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/9368","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T19:18:41Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/9368"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/pull/9426","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/pull/9426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13780","reference_id":"CVE-2025-13780","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13780"},{"reference_url":"https://github.com/advisories/GHSA-fxmw-jcgr-w44v","reference_id":"GHSA-fxmw-jcgr-w44v","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_element
s":""}],"url":"https://github.com/advisories/GHSA-fxmw-jcgr-w44v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72937?format=json","purl":"pkg:pypi/pgadmin4@9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xw2s-8ukm-jfbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.11"}],"aliases":["CVE-2025-13780","GHSA-fxmw-jcgr-w44v"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egxw-g33e-yyec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48356?format=json","vulnerability_id":"VCID-k3wb-r9y4-p3av","summary":"pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode\npgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying 
data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12762","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38585","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38532","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3856","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38588","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44678","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12762"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/9320","reference_id":"","reference_type":"","scores":[{"value":
"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-14T04:55:28Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/9320"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12762","reference_id":"CVE-2025-12762","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12762"},{"reference_url":"https://github.com/advisories/GHSA-w2p4-p4rh-qcm3","reference_id":"GHSA-w2p4-p4rh-qcm3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w2p4-p4rh-qcm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71381?format=json","purl":"pkg:pypi/pgadmin4@9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.10"}],"aliases":["CVE-2025-12762","GHSA-w2p4-p4rh-qcm3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3wb-r9y4-p3av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48361?format=json","vulnerability_id":"VCID-rbtt-r5dg-mqdm","summary":"pgAdmin is affected by an LDAP injection vulnerability\npgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data 
DOS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12764","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18741","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18623","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18704","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18743","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20136","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12764"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/09d2b7eeb0e330df73b1aef0cba57788fde52b6b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/09d2b7eeb0e330df73b1aef0cba57788fde52b6b"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/9325","reference_id":"","reference_type":"","scores":[{"value":"7.5","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T14:01:57Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/9325"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12764","reference_id":"CVE-2025-12764","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12764"},{"reference_url":"https://github.com/advisories/GHSA-cvf4-f829-762v","reference_id":"GHSA-cvf4-f829-762v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvf4-f829-762v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71381?format=json","purl":"pkg:pypi/pgadmin4@9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.10"}],"aliases":["CVE-2025-12764","GHSA-cvf4-f829-762v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbtt-r5dg-mqdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44215?format=json","vulnerability_id":"VCID-t3g3-sgdr-wkhh","summary":"pgAdmin 4 Open Redirect vulnerability\nOpen redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted 
URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22298","reference_id":"","reference_type":"","scores":[{"value":"0.0148","scoring_system":"epss","scoring_elements":"0.81363","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0148","scoring_system":"epss","scoring_elements":"0.81323","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0148","scoring_system":"epss","scoring_elements":"0.8135","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0148","scoring_system":"epss","scoring_elements":"0.81352","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0148","scoring_system":"epss","scoring_elements":"0.81346","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22298"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:09:49Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/5343","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:09:49Z/"}],"url":"https://github.com/
pgadmin-org/pgadmin4/issues/5343"},{"reference_url":"https://jvn.jp/en/jp/JVN03832974/index.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:09:49Z/"}],"url":"https://jvn.jp/en/jp/JVN03832974/index.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH"},{"reference_url":"https://www.pgadmin.org","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.pgadmin.org"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22298","reference_id":"CVE-2023-22298","reference_type":"","scores":[{"va
lue":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22298"},{"reference_url":"https://github.com/advisories/GHSA-894c-rg7f-3c62","reference_id":"GHSA-894c-rg7f-3c62","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-894c-rg7f-3c62"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/","reference_id":"VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:09:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/"},{"reference_url":"https://www.pgadmin.org/","reference_id":"www.pgadmin.org","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:09:49Z/"}],"url":"https://www.pgadmin.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63583?format=json","purl":"pkg:pypi/pgadmin4@6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-28q4-x522-9kgb"},{"vulnerability":"VCID-3ph5-jvc2-kuh4"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-623q-pd2x-6udd"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"V
CID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-w5tc-7mtw-43gw"},{"vulnerability":"VCID-xhys-bnsd-hya1"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-xytw-9xtt-7kaa"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@6.14"}],"aliases":["CVE-2023-22298","GHSA-894c-rg7f-3c62"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t3g3-sgdr-wkhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54714?format=json","vulnerability_id":"VCID-ucgz-zps1-5bca","summary":"pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload\npgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client 
end.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4216","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43605","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43579","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43628","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43618","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/e384c9665ae2e72376be7cefa8e652efcee93767","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/e384c9665ae2e72376be7cefa8e652efcee93767"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/7282","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring
_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T16:28:06Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/7282"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4216","reference_id":"CVE-2024-4216","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4216"},{"reference_url":"https://github.com/advisories/GHSA-xv64-8p4r-94gq","reference_id":"GHSA-xv64-8p4r-94gq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv64-8p4r-94gq"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/","reference_id":"T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T16:28:06Z/"}],"url":"https://lists.fedoraproject.org/archives
/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81152?format=json","purl":"pkg:pypi/pgadmin4@8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@8.6"}],"aliases":["CVE-2024-4216","GHSA-xv64-8p4r-94gq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucgz-zps1-5bca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47403?format=json","vulnerability_id":"VCID-w5tc-7mtw-43gw","summary":"pgAdmin Remote Code Execution (RCE) vulnerability\npgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) vulnerability through the validate binary path API. 
This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3116","reference_id":"","reference_type":"","scores":[{"value":"0.90682","scoring_system":"epss","scoring_elements":"0.99636","published_at":"2026-06-09T12:55:00Z"},{"value":"0.90682","scoring_system":"epss","scoring_elements":"0.99637","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/aelmokhtar/689a8be7e3bd535ec01992d8ec7b2b98","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-04T16:40:01Z/"}],"url":"https://gist.github.com/aelmokhtar/689a8be7e3bd535ec01992d8ec7b2b98"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/fbbbfe22dd468bcfef1e1f833ec32289a6e56a8b","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/fbbbfe22dd468bcfef1e1f833ec32289a6e56a8b"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/7326","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-04T16:40:01Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/7326"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2"},{"reference_url":"https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-pgadmin-cve-2024-3116","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-pgadmin-cve-2024-3116"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3116","reference_id":"CVE-2024-3116","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","sco
ring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3116"},{"reference_url":"https://github.com/advisories/GHSA-27jx-ffw8-xrqv","reference_id":"GHSA-27jx-ffw8-xrqv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27jx-ffw8-xrqv"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2/","reference_id":"GIF5T34JTTYRGIN5YPT366BDFG6452A2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-04T16:40:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69650?format=json","purl":"pkg:pypi/pgadmin4@8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@8.5"}],"aliases":["CVE-2024-3116","GHSA-27jx-ffw8-xrqv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5tc-7mtw-43gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44768?format=json","vulnerability_id":"VCID-xhys-bnsd-hy
a1","summary":"pgAdmin 4 vulnerable to directory traversal\npgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0241","reference_id":"","reference_type":"","scores":[{"value":"0.02613","scoring_system":"epss","scoring_elements":"0.85955","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02613","scoring_system":"epss","scoring_elements":"0.8594","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02613","scoring_system":"epss","scoring_elements":"0.85929","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02613","scoring_system":"epss","scoring_elements":"0.85952","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03243","scoring_system":"epss","scoring_elements":"0.87375","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0241"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/akshay-joshi/pgadmin4/commit/64d7289c5b3831137b17bb4c5022ef4f63d2ef42","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/akshay-joshi/pgadmin4/commit/64d7289c5b3831137b17bb4c5022ef4f63d2ef42"},{"reference_url":"https://github.com/pgadmin-org","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_text
ual","scoring_elements":""}],"url":"https://github.com/pgadmin-org"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/5734","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T16:09:04Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/5734"},{"reference_url":"https://jvn.jp/en/jp/JVN01398015","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN01398015"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0241","reference_id":"CVE-2023-0241","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0241"},{"reference_url":"https://github.com/advisories/GHSA-9crj-hpxh-f6qg","reference_id":"GHSA-9crj-hpxh-f6qg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9crj-hpxh-f6qg"},{"reference_url":"https://jvn.jp/en/jp/JVN01398015/","reference_id":"JVN01398015","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T16:09:04Z/"}],"url":"https://jvn.jp/en/jp/JVN01398015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64419?format=json","purl":"pkg:pypi/pgadmin4@6.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":
"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-28q4-x522-9kgb"},{"vulnerability":"VCID-3ph5-jvc2-kuh4"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-623q-pd2x-6udd"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-w5tc-7mtw-43gw"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@6.19"}],"aliases":["CVE-2023-0241","GHSA-9crj-hpxh-f6qg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhys-bnsd-hya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50030?format=json","vulnerability_id":"VCID-xw2s-8ukm-jfbg","summary":"pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability\npgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\\unrestrict <key>`. 
This results in reliable command execution on the pgAdmin host during the restore operation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1707","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07145","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07151","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08511","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08476","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0853","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/62e2d18b0261f88086db65059a6078db07169f18","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4/commit/62e2d18b0261f88086db65059a6078db07169f18"},{"reference_url":"https://github.com/pgadmin-org/p
gadmin4/issues/9518","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T04:55:18Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/9518"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1707","reference_id":"CVE-2026-1707","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1707"},{"reference_url":"https://github.com/advisories/GHSA-3p7x-94q9-jq9x","reference_id":"GHSA-3p7x-94q9-jq9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p7x-94q9-jq9x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73888?format=json","purl":"pkg:pypi/pgadmin4@9.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.12"}],"aliases":["CVE-2026-1707","GHSA-3p7x-94q9-jq9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw2s-8ukm-jfbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99948?format=json","vulnerability_id":"VCID-xytw-9xtt-7kaa","summary":"pgadmin4: Unauthenticated remote code execution while validating the binary 
path","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4223.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4223.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4223","reference_id":"","reference_type":"","scores":[{"value":"0.87013","scoring_system":"epss","scoring_elements":"0.99457","published_at":"2026-06-09T12:55:00Z"},{"value":"0.87793","scoring_system":"epss","scoring_elements":"0.99489","published_at":"2026-06-08T12:55:00Z"},{"value":"0.87793","scoring_system":"epss","scoring_elements":"0.9949","published_at":"2026-06-07T12:55:00Z"},{"value":"0.87793","scoring_system":"epss","scoring_elements":"0.99488","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4223"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/5593","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_el
ements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:25:36Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/5593"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4223","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4223"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151434","reference_id":"2151434","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151434"},{"reference_url":"https://github.com/advisories/GHSA-3v6v-2x6p-32mc","reference_id":"GHSA-3v6v-2x6p-32mc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3v6v-2x6p-32mc"},{"reference_url":"http
s://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/","reference_id":"R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:25:36Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146684?format=json","purl":"pkg:pypi/pgadmin4@6.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24rd-whza-j7e4"},{"vulnerability":"VCID-24th-ucxb-xbhb"},{"vulnerability":"VCID-28q4-x522-9kgb"},{"vulnerability":"VCID-3ph5-jvc2-kuh4"},{"vulnerability":"VCID-3zgb-9hab-f7g1"},{"vulnerability":"VCID-623q-pd2x-6udd"},{"vulnerability":"VCID-au2k-pbjz-e7fh"},{"vulnerability":"VCID-b2sv-sdxc-7fdt"},{"vulnerability":"VCID-c9wf-5gbe-zbcm"},{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-k3wb-r9y4-p3av"},{"vulnerability":"VCID-rbtt-r5dg-mqdm"},{"vulnerability":"VCID-ucgz-zps1-5bca"},{"vulnerability":"VCID-w5tc-7mtw-43gw"},{"vulnerability":"VCID-xhys-bnsd-hya1"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"},{"vulnerability":"VCID-ybq1-7ehw-9be4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@6.17"}],"aliases":["CVE-2022-4223","GHSA-3v6v-2x6p-32mc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xytw-9xtt-7kaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48359?format=json","vulnerability_id":"VCID-ybq1-7ehw-9be4","summary":"pgAdmin 4 has command injection vulnerability on Windows systems\npgAdmin 4 versions up to 9.9 are affected by a command injection 
vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12763","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11087","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10966","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11046","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11081","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12792","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgadmin-org/pgadmin4"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/commit/e374edc69239b3e02ecde895e27d9f9e488b87ee","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/pgadmin-org/pgadmin4/commit/e374edc69239b3e02ecde895e27d9f9e488b87ee"},{"reference_url":"https://github.com/pgadmin-org/pgadmin4/issues/9323","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-14T04:55:29Z/"}],"url":"https://github.com/pgadmin-org/pgadmin4/issues/9323"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12763","reference_id":"CVE-2025-12763","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12763"},{"reference_url":"https://github.com/advisories/GHSA-rm79-x4g6-hvg5","reference_id":"GHSA-rm79-x4g6-hvg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm79-x4g6-hvg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71381?format=json","purl":"pkg:pypi/pgadmin4@9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-egxw-g33e-yyec"},{"vulnerability":"VCID-xw2s-8ukm-jfbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@9.10"}],"aliases":["CVE-2025-12763","GHSA-rm79-x4g6-hvg5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybq1-7ehw-9be4"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pgadmin4@5.2"}