Fluid Attacks Database

Description

pgx contains memory-safety vulnerability pgx is a pure Go driver and toolkit for PostgreSQL. pgx prior to v5.9.0 contains a memory-safety vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/jackc/pgx/v5/pgproto3	>=0 <5.9.0	5.9.0
go	github.com/jackc/pgx/v5	>=0 <5.9.0	5.9.0
rpm rhel10	go-fdo-server	-	-
debian 14	golang-github-jackc-pgx-v5	=5.8.0-1 \|\| >=0 <5.9.2-1	5.9.2-1

Aliases

1. CVE-2026-338152. NVD-2026-338153. OSV-2026-338154. OSV-GO-2026-47715. OSV-DEBIAN-2026-338156. GCVE-2026-338157. SECURITY-TRACKER-CVE-2026-33815

References

1. https://github.com/jackc/pgx/issues/25192. https://github.com/jackc/pgx/issues/25303. https://github.com/jackc/pgx/commit/6dbad4cafdb8a4daab7ff79c858c95da4b6109e84. https://pkg.go.dev/vuln/GO-2026-4771

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.