| Bug | forky | sid | Description |
|---|
| CVE-2026-6638 | vulnerable | fixed | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... ... |
| CVE-2026-6637 | vulnerable | fixed | Stack buffer overflow in PostgreSQL module "refint" allows an unprivil ... |
| CVE-2026-6575 | vulnerable | fixed | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() a ... |
| CVE-2026-6479 | vulnerable | fixed | Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an ... |
| CVE-2026-6478 | vulnerable | fixed | Covert timing channel in comparison of MD5-hashed password in PostgreS ... |
| CVE-2026-6477 | vulnerable | fixed | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) i ... |
| CVE-2026-6476 | vulnerable | fixed | SQL injection in PostgreSQL pg_createsubscriber allows an attacker wit ... |
| CVE-2026-6475 | vulnerable | fixed | Symlink following in PostgreSQL pg_basebackup plain format and in pg_r ... |
| CVE-2026-6474 | vulnerable | fixed | Externally-controlled format string in PostgreSQL timeofday() function ... |
| CVE-2026-6473 | vulnerable | fixed | Integer wraparound in multiple PostgreSQL server features allows an un ... |
| CVE-2026-6472 | vulnerable | fixed | Missing authorization in PostgreSQL CREATE TYPE allows an object creat ... |