pgadmin4 (SUSE:Linux Enterprise Module for Python 3 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Python 3 15 SP6 package pgadmin4, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2024-38999 — CVSS 10.0 (critical): jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows…
CVE-2024-9014 — CVSS 9.9 (critical): pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to…
CVE-2024-48949 — CVSS 9.1 (critical): The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n)…
CVE-2023-1907 — CVSS 8.0 (high): A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to…
CVE-2025-9636 — CVSS 7.9 (high): pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the…
CVE-2024-39338 — CVSS 7.5 (high): axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVE-2024-4068 — CVSS 7.5 (high): The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory…
CVE-2024-4215 — CVSS 7.4 (high): pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a…
CVE-2024-4216 — CVSS 7.4 (high): pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to…
CVE-2024-38355 — CVSS 7.3 (high): Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can…
CVE-2024-43788 — CVSS 6.4 (medium): Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming…
CVE-2024-4067 — CVSS 5.3 (medium): The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in…
CVE-2025-27152 — CVSS 5.3 (medium): axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative…
CVE-2024-48948 — CVSS 4.8 (medium): The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at…
CVE-2024-38998: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation…