postgresql-plperl (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package postgresql-plperl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (27)
CVE-2025-8714 — CVSS 8.8 (high): Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for…
CVE-2026-2005 — CVSS 8.8 (high): Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the…
CVE-2026-2004 — CVSS 8.8 (high): Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute…
CVE-2024-10979 — CVSS 8.8 (high): Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process…
CVE-2025-8715 — CVSS 8.8 (high): Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time…
CVE-2024-7348 — CVSS 8.8 (high): Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as…
CVE-2026-6477 — CVSS 8.8 (high): Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and…
CVE-2026-6475 — CVSS 8.8 (high): Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g…
CVE-2026-6473 — CVSS 8.8 (high): Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an…
CVE-2023-5869 — CVSS 8.8 (high): A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during…
CVE-2026-2006 — CVSS 8.8 (high): Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that…
CVE-2025-1094 — CVSS 8.1 (high): Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and…
CVE-2022-2625 — CVSS 8.0 (high): A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the…
CVE-2024-0985 — CVSS 8.0 (high): Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as…
CVE-2023-39417 — CVSS 7.5 (high): IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@…
CVE-2023-2454 — CVSS 7.2 (high): schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed…
CVE-2026-6478 — CVSS 6.5 (medium): Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials…
CVE-2025-12818 — CVSS 5.9 (medium): Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause…
CVE-2023-2455 — CVSS 5.4 (medium): Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases…
CVE-2023-5868 — CVSS 4.3 (medium): A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain…
CVE-2024-10978 — CVSS 4.2 (medium): Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those…
CVE-2024-10976 — CVSS 4.2 (medium): Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended…
CVE-2022-41862 — CVSS 3.7 (low): In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport…
CVE-2023-39418 — CVSS 3.1 (low): A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies…
CVE-2024-4317 — CVSS 3.1 (low): Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most…
CVE-2025-12817 — CVSS 3.1 (low): Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE…
CVE-2023-5870 — CVSS 2.2 (low): A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication…