PyPI: pgadmin4
CVE-2025-2946
Safety vulnerability ID: SFTY-20250403-50061
Safety legacy ID: pyup.io-76515
Affected versions of pgadmin4 contain a Cross-Site Scripting (XSS) vulnerability in query result rendering. If an attacker can get arbitrary HTML/JavaScript into query results that pgAdmin renders, that HTML/JavaScript is executed in the user's browser.
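The general pattern behind this bug class is rendering untrusted query result values as markup instead of as text. The following is an added, defensive illustration and not pgAdmin's own code; the function names (`renderCellUnsafe`, `renderCellSafe`, `renderResultTable`) and the sample rows are assumptions made for the example.

```javascript
// Added example (not pgAdmin's code): rendering database query results safely.
// Any value in a result set is untrusted data and may contain markup, so it must
// be HTML-escaped (or assigned via textContent in a real DOM) before it is
// placed into HTML that the browser will parse.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every character that has meaning in an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// UNSAFE: the cell value is interpolated into markup verbatim (the bug pattern).
function renderCellUnsafe(value) {
  return `<td>${value}</td>`;
}

// SAFE: the cell value is escaped, so it can only ever render as text.
function renderCellSafe(value) {
  return `<td>${escapeHtml(value)}</td>`;
}

// Render a result set (array of rows, each an array of column values) to a table.
// The cell renderer defaults to the safe one; the unsafe one is passed only to
// demonstrate the difference.
function renderResultTable(rows, renderCell = renderCellSafe) {
  const body = rows
    .map((row) => '<tr>' + row.map(renderCell).join('') + '</tr>')
    .join('');
  return '<table>' + body + '</table>';
}

// Constructed sample result set: one value happens to contain markup.
const SAMPLE_ROWS = [
  [1, 'plain text'],
  [2, '<b>bold</b> & "quoted"'],
];

// Detection helper: does the rendered HTML still contain a raw <tag> that came
// from a cell value rather than from the renderer itself?
function containsRawTag(html, tag) {
  return html.includes(`<${tag}>`);
}

// Usage: compare both renderers on the same data.
console.log('unsafe:', renderResultTable(SAMPLE_ROWS, renderCellUnsafe));
console.log('safe:  ', renderResultTable(SAMPLE_ROWS));
```

In a browser the equivalent of `renderCellSafe` is creating the `td` element and assigning the value to `textContent`; the escaping function is what a string-templating renderer has to do to reach the same result.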
Overview
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
Advisory
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20250403-50061/CVE-2025-2946
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2946
- https://github.com/advisories/GHSA-2rrx-pphc-qfv9
- https://github.com/pgadmin-org/pgadmin4/commit/1305d9910beefd0d6b4c7eb4f111f86edb1d356b
- https://nvd.nist.gov/vuln/detail/CVE-2025-2946
- https://github.com/pgadmin-org/pgadmin4/issues/8602
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
