Synced 17 Jun 2026 22:27 UTC Account
← PostgreSQL

PostgreSQL vulnerabilities: known CVEs & security history

PostgreSQL · Database · 181 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all PostgreSQL release lines — 181 in total. A CVE here doesn't mean your version is affected — check PostgreSQL's current status and the safe version to run.

181
known CVEs
0
actively exploited (KEV)
7
critical severity
0
ransomware-linked

Known PostgreSQL CVEs

Actively-exploited and most-severe first. Showing the top 80 of 181. Open any CVE for full details.

CVESeverityCVSSEPSSYear
CVE-2015-0244 critical 9.8 4% 2020
CVE-2015-3166 critical 9.8 5% 2019
CVE-2019-10211 critical 9.8 2% 2019
CVE-2018-16850 critical 9.8 5% 2018
CVE-2017-7546 critical 9.8 62% 2017
CVE-2018-1115 critical 9.1 4% 2018
CVE-2016-3065 critical 9.1 3% 2016
CVE-2013-1903 high 10 2% 2013
CVE-2013-1902 high 10 2% 2013
CVE-2007-3279 high 10 3% 2007
CVE-2002-1399 high 10 2% 2003
CVE-2007-3280 high 9 26% 2007
CVE-2026-6637 high 8.8 0% 2026
CVE-2026-6477 high 8.8 0% 2026
CVE-2026-6475 high 8.8 0% 2026
CVE-2026-6473 high 8.8 0% 2026
CVE-2026-2006 high 8.8 1% 2026
CVE-2026-2005 high 8.8 1% 2026
CVE-2026-2004 high 8.8 0% 2026
CVE-2024-10979 high 8.8 4% 2024
CVE-2024-7348 high 8.8 2% 2024
CVE-2023-5869 high 8.8 4% 2023
CVE-2023-32305 high 8.8 1% 2023
CVE-2022-1552 high 8.8 12% 2022
CVE-2021-32027 high 8.8 2% 2021
CVE-2019-10127 high 8.8 0% 2021
CVE-2020-25695 high 8.8 46% 2020
CVE-2015-0243 high 8.8 5% 2020
CVE-2015-0242 high 8.8 5% 2020
CVE-2015-0241 high 8.8 6% 2020
CVE-2019-10208 high 8.8 2% 2019
CVE-2019-10164 high 8.8 4% 2019
CVE-2018-1058 high 8.8 14% 2018
CVE-2017-7547 high 8.8 6% 2017
CVE-2016-0766 high 8.8 4% 2016
CVE-2018-10915 high 8.5 5% 2018
CVE-2013-1900 high 8.5 5% 2013
CVE-2010-1447 high 8.5 3% 2010
CVE-2010-1169 high 8.5 4% 2010
CVE-2007-0555 high 8.5 5% 2007
CVE-2016-5423 high 8.3 6% 2016
CVE-2026-2007 high 8.2 0% 2026
CVE-2022-24844 high 8.1 1% 2022
CVE-2021-23214 high 8.1 2% 2022
CVE-2020-25694 high 8.1 2% 2020
CVE-2016-7048 high 8.1 5% 2018
CVE-2018-10925 high 8.1 2% 2018
CVE-2017-15098 high 8.1 4% 2017
CVE-2024-0985 high 8 1% 2024
CVE-2022-2625 high 8 1% 2022
CVE-2019-10128 high 7.8 0% 2021
CVE-2026-6479 high 7.5 0% 2026
CVE-2023-39417 high 7.5 2% 2023
CVE-2020-25696 high 7.5 3% 2020
CVE-2015-3167 high 7.5 4% 2019
CVE-2017-7548 high 7.5 4% 2017
CVE-2016-0768 high 7.5 1% 2017
CVE-2017-7486 high 7.5 6% 2017
CVE-2017-7484 high 7.5 3% 2017
CVE-2016-2193 high 7.5 2% 2016
CVE-2016-0773 high 7.5 7% 2016
CVE-2012-1618 high 7.5 3% 2012
CVE-2009-2943 high 7.5 2% 2009
CVE-2006-2313 high 7.5 3% 2006
CVE-2006-2314 high 7.5 3% 2006
CVE-2005-1409 high 7.5 2% 2005
CVE-2005-0245 high 7.5 14% 2005
CVE-2003-0901 high 7.5 5% 2003
CVE-2002-1397 high 7.5 3% 2003
CVE-2002-1400 high 7.5 4% 2003
CVE-2002-1657 high 7.5 1% 2002
CVE-2002-0802 high 7.5 1% 2002
CVE-2020-10733 high 7.3 1% 2020
CVE-2020-14350 high 7.3 1% 2020
CVE-2017-14798 high 7.3 1% 2018
CVE-2026-6476 high 7.2 0% 2026
CVE-2023-2454 high 7.2 1% 2023
CVE-2019-9193 high 7.2 92% 2019
CVE-2007-6601 high 7.2 2% 2008
CVE-2002-1642 high 7.2 0% 2002

101 older / lower-severity CVEs not shown — see PostgreSQL's full record.

Is my PostgreSQL version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your PostgreSQL version → · Monitor PostgreSQL for new CVEs →

PostgreSQL vulnerabilities — frequently asked

How many known vulnerabilities does PostgreSQL have?

IsItPatched tracks 181 CVEs for PostgreSQL. 7 are critical-severity and 77 high-severity. These span every release line — what matters is whether the version you run is affected.

Does PostgreSQL have any actively-exploited vulnerabilities?

None of PostgreSQL's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe PostgreSQL vulnerability?

Among tracked issues, CVE-2015-0244 (CRITICAL, CVSS 9.8) ranks highest — a SQL injection weakness.

Is PostgreSQL safe to use?

It depends on the version. The latest supported PostgreSQL release (18.4) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: PostgreSQL security status · PostgreSQL end-of-life · actively-exploited CVEs. Always verify against PostgreSQL's advisories — see our disclaimer.