What is the PostgreSQL CNA?
PostgreSQL is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 38 CVE records since 2024.
How many CVEs has PostgreSQL published?
PostgreSQL has published 38 CVE records, including 37 in the last two years.
What is PostgreSQL's CVE data quality grade?
RadicalNotion.AI grades PostgreSQL's CVE data quality as B, with an overall completeness score of 88.2%. This reflects how consistently its CVE records include vendor (55.3%), product (100%), CVSS (100%), and CWE (97.4%) information.
What products does PostgreSQL publish CVEs for?
PostgreSQL most frequently publishes CVEs for PostgreSQL, pgAdmin 4, pgAdmin4, PostgreSQL Anonymizer, and PgBouncer.
Which vendors does PostgreSQL cover?
PostgreSQL publishes CVEs across 3 distinct vendors, most often PostgreSQL, pgadmin, pgadmin.org, pip, and Bitnami.
Is PostgreSQL actively publishing CVEs?
PostgreSQL is currently active, based on 37 CVEs in the last two years.
What is the average severity of PostgreSQL's CVEs?
The average CVSS base score across PostgreSQL's scored CVEs is 7.3.
How many critical CVEs has PostgreSQL published?
PostgreSQL has published 8 critical-severity CVEs and 38 high-severity CVEs.
Are any of PostgreSQL's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of PostgreSQL's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in PostgreSQL's CVEs?
PostgreSQL's CVEs most often map to these CWE weakness types: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-862 (Missing Authorization), CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-190 (Integer Overflow or Wraparound).
How does PostgreSQL rank among CNAs?
By total CVE volume, PostgreSQL ranks #197 of 370 CNAs, and it reports more complete CVE records than 35% of all CNAs.