Skip to main content

Github Com Jackc Pgx V5 Pgproto3

2 CVEs product

Monthly

CVE-2026-33816 Go CRITICAL PATCH GHSA Act Now

Memory-safety vulnerability in github.com/jackc/pgx/v5 PostgreSQL driver library allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability resides in the pgproto3 subpackage and enables network-accessible exploitation without user interaction. Attack complexity is low, requiring no special privileges. Information disclosure confirmed via source tagging. No public exploit identified at time of analysis.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33815 Go CRITICAL PATCH GHSA Act Now

Remote memory-safety vulnerability in github.com/jackc/pgx/v5 (Go PostgreSQL driver) enables unauthenticated attackers to achieve arbitrary code execution, information disclosure, and denial of service via network vectors. The flaw affects the pgproto3 protocol implementation subpackage with critical-severity CVSS 9.8 scoring. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis. Vulnerability allows complete compromise of confidentiality, integrity, and availability without user interaction or elevated privileges.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory-safety vulnerability in github.com/jackc/pgx/v5 PostgreSQL driver library allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability resides in the pgproto3 subpackage and enables network-accessible exploitation without user interaction. Attack complexity is low, requiring no special privileges. Information disclosure confirmed via source tagging. No public exploit identified at time of analysis.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote memory-safety vulnerability in github.com/jackc/pgx/v5 (Go PostgreSQL driver) enables unauthenticated attackers to achieve arbitrary code execution, information disclosure, and denial of service via network vectors. The flaw affects the pgproto3 protocol implementation subpackage with critical-severity CVSS 9.8 scoring. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis. Vulnerability allows complete compromise of confidentiality, integrity, and availability without user interaction or elevated privileges.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy