Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2025-2946

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.

Published: Apr 3, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-2946
GHSA: GHSA-2rrx-pphc-qfv9
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
pgadmin / pgadmin_4	-	9.1.x
pgadmin4	-	9.2

https://github.com/pgadmin-org/pgadmin4/commit/1305d9910beefd0d6b4c7eb4f111f86edb1d356b
https://github.com/pgadmin-org/pgadmin4/issues/8602

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo