Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PostgreSQL Number Of NVD 165 CRITICAL 7 HIGH 70 MEDIUM 81 LOW 7
URL https://www.postgresql.org/
Explanation PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES, Version 4.2, developed by the Department of Computer Science at the University of California, Berkeley.

Extracted from [https://www.postgresql.jp/document/11/html/intro-whatis.html]

From version 10 onwards, the integer part represents major versions and the decimal part represents minor updates.

Every year, a major version including new features is released.
Minor releases with bugs and security fixes will be released at least once every three months, if necessary.
Unscheduled releases will be made for urgent security issues.
Support is provided for five years after the major version is released.
Tag
  • PostgreSQL Licence
  • 商用ライセンス有り
  • オープンソース
Add Information URL
No Type Name URL
1 https://www.postgresql.org/support/versioning/
2 https://wiki.postgresql.org/wiki/Main_Page
3 https://www.postgresql.jp/
4 https://www.postgresql.org/download/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
71 PostgreSQL 16 16.11 Nov. 13, 2025 Sept. 14, 2023 Sept. 9, 2028 0 8 5 0
72 PostgreSQL 15 15.15 Nov. 13, 2025 Jan. 13, 2022 Nov. 11, 2027 0 11 7 1
73 PostgreSQL 14 14.20 Nov. 13, 2025 May 15, 2021 Nov. 12, 2026 0 13 8 1
74 PostgreSQL 13 13.23 Nov. 13, 2025 Sept. 24, 2020 Nov. 23, 2025 0 17 13 1
75 PostgreSQL 12 12.22 Nov. 21, 2024 Oct. 3, 2019 Nov. 14, 2024 0 20 14 1
76 PostgreSQL 11 11.22 Nov. 9, 2023 Oct. 18, 2018 Nov. 9, 2023 2 24 15 1
77 PostgreSQL 10 10.23 Nov. 10, 2022 Oct. 5, 2017 Nov. 10, 2022 3 26 12 0
78 PostgreSQL 9 9.6.24 Sept. 20, 2010 Oct. 8, 2015 6 44 40 0
79 PostgreSQL 8 8.0.9 Jan. 19, 2005 July 24, 2014 4 36 51 3
80 PostgreSQL 7 7.0.3 May 8, 2000 May 8, 2005 4 36 41 4
81 PostgreSQL 6 6.5.3 Jan. 29, 1997 June 9, 2004 4 26 23 2
82 PostgreSQL 1 1.09 Nov. 4, 1996 Jan. 1, 2000 4 26 25 1
83 PostgreSQL - - 4 22 17 1
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
71 7.5
4.0 		HIGH
Network 		PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents o… NVD-CWE-noinfo
CVE-2017-7548 cpe:2.3:a:postgresql:postgresql:*:* 9.6
9.5
9.4



9.6.4
9.5.8
9.4.13 		2024-11-21 12:32
2017-08-17 		Show GitHub Exploit DB Packet Storm
72 8.8
4.0 		HIGH
Network 		PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by… NVD-CWE-noinfo
CVE-2017-7547 cpe:2.3:a:postgresql:postgresql:9.6:*
cpe:2.3:a:postgresql:postgresql:9.6.3:*
cpe:2.3:a:postgresql:postgresql:9.6… 		2024-11-21 12:32
2017-08-17 		Show GitHub Exploit DB Packet Storm
73 9.8
7.5 		CRITICAL
Network 		PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. CWE-287
Improper Authentication 		CVE-2017-7546 cpe:2.3:a:postgresql:postgresql:9.6:*
cpe:2.3:a:postgresql:postgresql:9.6.3:*
cpe:2.3:a:postgresql:postgresql:9.6… 		2024-11-21 12:32
2017-08-17 		Show GitHub Exploit DB Packet Storm
74 7.5
5.0 		HIGH
Network 		PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. CWE-284
Improper Access Control 		CVE-2016-0768 cpe:2.3:a:postgresql:postgresql:*:* 9.0 2024-11-21 11:42
2017-06-7 		Show GitHub Exploit DB Packet Storm
75 7.5
5.0 		HIGH
Network 		PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. CWE-200
Information Exposure 		CVE-2017-7486 cpe:2.3:a:postgresql:postgresql:9.6:*
cpe:2.3:a:postgresql:postgresql:9.5:*
cpe:2.3:a:postgresql:postgresql:9.5.7… 		2024-11-21 12:31
2017-05-13 		Show GitHub Exploit DB Packet Storm
76 5.9
4.3 		MEDIUM
Network 		In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connectio… CWE-311
Missing Encryption of Sensitive Data 		CVE-2017-7485 cpe:2.3:a:postgresql:postgresql:9.6:*
cpe:2.3:a:postgresql:postgresql:9.6.2:*
cpe:2.3:a:postgresql:postgresql:9.6… 		2024-11-21 12:31
2017-05-13 		Show GitHub Exploit DB Packet Storm
77 7.5
5.0 		HIGH
Network 		It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges… CWE-200
Information Exposure 		CVE-2017-7484 cpe:2.3:a:postgresql:postgresql:9.6:*
cpe:2.3:a:postgresql:postgresql:9.6.2:*
cpe:2.3:a:postgresql:postgresql:9.6… 		9.2.20 2024-11-21 12:31
2017-05-13 		Show GitHub Exploit DB Packet Storm
78 7.1
4.6 		HIGH
Network 		PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain supe… CWE-94
Code Injection 		CVE-2016-5424 cpe:2.3:a:postgresql:postgresql:9.5:*
cpe:2.3:a:postgresql:postgresql:9.5.3:*
cpe:2.3:a:postgresql:postgresql:9.5… 		9.1.22 2024-11-21 11:54
2016-12-10 		Show GitHub Exploit DB Packet Storm
79 8.3
6.5 		HIGH
Network 		PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference … CWE-476
 NULL Pointer Dereference 		CVE-2016-5423 cpe:2.3:a:postgresql:postgresql:9.5:*
cpe:2.3:a:postgresql:postgresql:9.5.3:*
cpe:2.3:a:postgresql:postgresql:9.5… 		9.1.22 2024-11-21 11:54
2016-12-10 		Show GitHub Exploit DB Packet Storm
80 9.1
8.5 		CRITICAL
Network 		The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequent… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2016-3065 cpe:2.3:a:postgresql:postgresql:9.5:*
cpe:2.3:a:postgresql:postgresql:9.5.1:* 		2024-11-21 11:49
2016-04-12 		Show GitHub Exploit DB Packet Storm