Postgresql Postgresql Jdbc Driver — known CVE vulnerabilities
Every CVE whose affected-product data names Postgresql Postgresql Jdbc Driver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-1597 — CVSS 10.0 (critical): pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the…
CVE-2022-26520 — CVSS 9.8 (critical): In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary…
CVE-2025-49146 — CVSS 8.2 (high): pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel…
CVE-2018-10936 — CVSS 8.1 (high): A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a…
CVE-2012-1618 — CVSS 7.5 (high): Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings"…
CVE-2026-42198 — CVSS 7.5 (high): pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side…
CVE-2022-31197 — CVSS 7.1 (high): PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent…
CVE-2022-21724 — CVSS 7.0 (high): pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security…
CVE-2022-41946 — CVSS 4.7 (medium): pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int…