Security Advisories
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.