If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org. For reporting non-security bugs, please see the Report a Bug page.
You can filter the view of patches to show just patches for version: 13 - 12 - 11 - 10 - 9.6 - 9.5 - all
Reference | Affected | Fixed | Component & CVSS v3 Base Score | Description |
---|---|---|---|---|
Announcement | 12, 11, 10, 9.6 | 12.3, 11.8, 10.13, 9.6.18 | packaging 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | Windows installer runs executables from uncontrolled directories |
Announcement | 12, 11, 10, 9.6 | 12.2, 11.7, 10.12, 9.6.17 | core server 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N | ALTER ... DEPENDS ON EXTENSION is missing authorization checks. |
You can also view archived security patches for unsupported versions. Note that no further security patches are made available for these versions as they are end of life.
9.4 - 9.3 - 9.2 - 9.1 - 9.0 - 8.4 - 8.3 - 8.2 - 8.1 - 8.0 - 7.4 - 7.3
The following component references are used in the above table:
Component | Description |
---|---|
core server | This vulnerability exists in the core server product. |
client | This vulnerability exists in a client library or client application only. |
contrib module | This vulnerability exists in a contrib module. Contrib modules are not installed by default when PostgreSQL is installed from source. They may be installed by binary packages. |
client contrib module | This vulnerability exists in a contrib module used on the client only. |
packaging | This vulnerability exists in PostgreSQL binary packaging, e.g. an installer or RPM. |