PostgreSQL ↗
Summary iPlain-English security verdict for PostgreSQL, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
PostgreSQL currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 18.4. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for PostgreSQL each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2019-9193 HIGH OS command injection EPSS 92% → see advisory CVE-2017-7546 CRITICAL Improper authentication EPSS 62% → see advisory CVE-2013-1899 MEDIUM Code injection EPSS 54% → see advisory CVE-2020-25695 HIGH SQL injection EPSS 46% → fixed in 13.1 CVE-2018-16850 CRITICAL SQL injection EPSS 5% → fixed in 11.1 CVE-2015-3166 CRITICAL Memory corruption EPSS 5% → fixed in 9.4.2 CVE-2015-0244 CRITICAL SQL injection EPSS 4% → fixed in 9.4.1 CVE-2018-1115 CRITICAL Incorrect permission assignment EPSS 4% → fixed in 10.4 CVE-2016-3065 CRITICAL CWE-264 EPSS 3% → see advisory CVE-2019-10211 CRITICAL Code injection EPSS 2% → fixed in 11.5Get alerted about PostgreSQL
Be emailed the moment PostgreSQL gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.
We email only on real events for PostgreSQL — no marketing, no sharing, and we never know what you run. Track your whole stack →
Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each PostgreSQL release line is supported — and when it sunsets. Select a line for its full report.
Full PostgreSQL end-of-life dates & support timeline →
18 latest 18.4 Supported until 2030-11-1418.4 → 17 latest 17.10 Supported until 2029-11-0817.10 → 16 latest 16.14 Supported until 2028-11-0916.14 → 15 latest 15.18 Supported until 2027-11-1115.18 → 14 latest 14.23 Supported until 2026-11-1214.23 → 13 latest 13.23 End of life ended 2025-11-1313.23 → 12 latest 12.22 End of life ended 2024-11-2112.22 → 11 latest 11.22 End of life ended 2023-11-0911.22 → 10 latest 10.23 End of life ended 2022-11-1010.23 → 9.6 latest 9.6.24 End of life ended 2021-11-119.6.24 → See all upcoming end-of-life dates →Frequently asked
Is PostgreSQL safe and patched?
PostgreSQL currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 18.4. It's on the latest patch with no significant known issues — keep it current.
What should I do about PostgreSQL now?
Upgrade PostgreSQL to the latest supported release (18.4) or later and apply available security updates, then confirm against PostgreSQL's official advisory.
When does PostgreSQL reach end-of-life?
The latest supported PostgreSQL release is 18.4. After end-of-life a release no longer receives security patches.
Which versions of PostgreSQL are still receiving security updates?
Supported PostgreSQL release lines (latest 18.4): 18, 17, 16, 15, 14. End-of-life releases no longer receive security patches.
Latest security news for PostgreSQL BETA
Attributed third-party reporting linked to PostgreSQL — newest first. We surface and link the source; we don’t assert our own findings. About Emerging →
More across all tracked software on the Emerging feed →
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against PostgreSQL's official advisory before you patch or upgrade — PostgreSQL official site ↗