Jackc Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Jackc products.

3 known CVE vulnerabilities tracked

Critical

High

Medium

Low

None

Vulnerabilities By Year

2024

2026

Products Affected

Pgproto3 2 Pgx 1

All Jackc CVEs

Recent Highest Score Oldest

CVE-2026-32286

7.5 high

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

Pgproto3 Mar 26, 2026

CVE-2024-27304

9.8 critical

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The

Pgproto3 Mar 6, 2024

CVE-2024-27289

8.1 high

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a s

Pgx Mar 6, 2024