Update to pgadmin-9.16.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c248414214 2026-06-28 00:56:23.048166+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.16 Release : 1.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin-9.16. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 19 2026 Filipe Rosset - 9.16-1 - Update to 9.16 + spec cleanup and modernization -------------------------------------------------------------------------------- References: [ 1 ] Bug #2490658 - CVE-2026-12049 pgadmin4: pgAdmin 4: Open redirect vulnerability in multi-factor authentication can lead to phishing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490658 [ 2 ] Bug #2490659 - CVE-2026-12050 pgadmin4: pgAdmin 4: Arbitrary SQL execution via SQL injection in restore point endpoint [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490659 [ 3 ] Bug #2490661 - CVE-2026-12044 pgadmin4: pgAdmin 4: Arbitrary code execution via SQL injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490661 [ 4 ] Bug #2490662 - CVE-2026-12047 pgadmin4: pgAdmin 4: HTML injection via unsanitized SDK exception messages in cloud deployment module [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490662 [ 5 ] Bug #2490663 - CVE-2026-12045 pgadmin4: pgAdmin 4: Remote code execution via prompt injection in AI Assistant [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490663 [ 6 ] Bug #2490664 - CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490664 [ 7 ] Bug #2490665 - CVE-2026-12048 pgadmin4: pgAdmin 4: Cross-site scripting allows arbitrary HTML injection and redirection to malicious sites [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490665 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c248414214' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to pgadmin4-9.15.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1545df20ad 2026-05-21 01:26:51.960418+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 43 Version : 9.15 Release : 1.fc43 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.15. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Sandro Mani - 9.15-1 - Update to 9.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476786 - CVE-2026-7819 pgadmin4: symbolic-link path traversal in File Manager allows arbitrary file write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476786 [ 2 ] Bug #2476787 - CVE-2026-7815 pgadmin4: SQL injection in maintenance tool option values leading to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476787 [ 3 ] Bug #2476788 - CVE-2026-7817 pgadmin4: local file inclusion and server-side request forgery in LLM API configuration endpoints [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476788 [ 4 ] Bug #2476789 - CVE-2026-7820 pgadmin4: account-lockout bypass via Flask-Security default /login view [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476789 [ 5 ] Bug #2476790 - CVE-2026-7818 pgadmin4: unsafe deserialization in file-backed session manager leads to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476790 [ 6 ] Bug#2476791 - CVE-2026-7816 pgadmin4: OS command injection in Import/Export query export via psql metacommand breakout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476791 [ 7 ] Bug #2476792 - CVE-2026-7813 pgadmin4: cross-user data access and shared-server privilege escalation in server mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476792 [ 8 ] Bug #2476793 - CVE-2026-7814 pgadmin4: stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1545df20ad' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to pgadmin4-9.15.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-68f6155fea 2026-05-21 00:54:04.884645+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.15 Release : 1.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.15. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Sandro Mani - 9.15-1 - Update to 9.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476786 - CVE-2026-7819 pgadmin4: symbolic-link path traversal in File Manager allows arbitrary file write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476786 [ 2 ] Bug #2476787 - CVE-2026-7815 pgadmin4: SQL injection in maintenance tool option values leading to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476787 [ 3 ] Bug #2476788 - CVE-2026-7817 pgadmin4: local file inclusion and server-side request forgery in LLM API configuration endpoints [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476788 [ 4 ] Bug #2476789 - CVE-2026-7820 pgadmin4: account-lockout bypass via Flask-Security default /login view [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476789 [ 5 ] Bug #2476790 - CVE-2026-7818 pgadmin4: unsafe deserialization in file-backed session manager leads to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476790 [ 6 ] Bug#2476791 - CVE-2026-7816 pgadmin4: OS command injection in Import/Export query export via psql metacommand breakout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476791 [ 7 ] Bug #2476792 - CVE-2026-7813 pgadmin4: cross-user data access and shared-server privilege escalation in server mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476792 [ 8 ] Bug #2476793 - CVE-2026-7814 pgadmin4: stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-68f6155fea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-34c2bf6df4 2026-04-25 01:21:36.172965+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.14 Release : 3.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2026 Sandro Mani - 9.14-3 - Add pgadmin4_CVE-2026-40175.prebundle.patch * Thu Apr 9 2026 Sandro Mani - 9.14-2 - Rework vendor bundle, use corepack yarn * Thu Apr 2 2026 Sandro Mani - 9.14-1 - Update to 9.14 * Thu Apr 2 2026 Sandro Mani - 9.13-2 - Refresh vendor bundle, fixes CVE-2026-4800 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454043 - CVE-2026-4800 pgadmin4: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454043 [ 2 ] Bug #2454310 - pgadmin4-9.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454310 [ 3 ] Bug #2454886 - Query Tool crashes with React error #130 in pgAdmin 9.14 (regression from 9.13) https://bugzilla.redhat.com/show_bug.cgi?id=2454886 [ 4 ] Bug #2456577 - CVE-2026-39865 pgadmin4: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456577 [ 5 ] Bug #2457505 - CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457505 [ 6 ] Bug #2457878 - CVE-2026-40175 pgadmin4: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457878 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-34c2bf6df4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b4633cbe23 2026-04-23 00:55:31.005293+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 42 Version : 9.14 Release : 3.fc42 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2026 Sandro Mani - 9.14-3 - Add pgadmin4_CVE-2026-40175.prebundle.patch * Thu Apr 9 2026 Sandro Mani - 9.14-2 - Rework vendor bundle, use corepack yarn * Thu Apr 2 2026 Sandro Mani - 9.14-1 - Update to 9.14 * Thu Apr 2 2026 Sandro Mani - 9.13-2 - Refresh vendor bundle, fixes CVE-2026-4800 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454043 - CVE-2026-4800 pgadmin4: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454043 [ 2 ] Bug #2454310 - pgadmin4-9.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454310 [ 3 ] Bug #2454886 - Query Tool crashes with React error #130 in pgAdmin 9.14 (regression from 9.13) https://bugzilla.redhat.com/show_bug.cgi?id=2454886 [ 4 ] Bug #2456577 - CVE-2026-39865 pgadmin4: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456577 [ 5 ] Bug #2457505 - CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457505 [ 6 ] Bug #2457878 - CVE-2026-40175 pgadmin4: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457878 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b4633cbe23' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to pgadmin4-9.13.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-416a89747f 2026-03-16 01:10:09.534356+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 42 Version : 9.13 Release : 1.fc42 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.13. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 7 2026 Sandro Mani - 9.13-1 - Update to 9.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439386 [ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439405 [ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2442980 [ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442981 [ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443051 [ 6 ] Bug #2444801 - pgadmin4-9.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2444801 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-416a89747f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to pgadmin4-9.13.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-bef5344f9f 2026-03-16 00:57:17.182011+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 43 Version : 9.13 Release : 1.fc43 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.13. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 7 2026 Sandro Mani - 9.13-1 - Update to 9.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439386 [ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439405 [ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2442980 [ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442981 [ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443051 [ 6 ] Bug #2444801 - pgadmin4-9.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2444801 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bef5344f9f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to pgadmin4-9.13.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-220c4ca745 2026-03-16 00:26:18.591080+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.13 Release : 1.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.13. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 7 2026 Sandro Mani - 9.13-1 - Update to 9.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439386 [ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439405 [ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2442980 [ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442981 [ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443051 [ 6 ] Bug #2444801 - pgadmin4-9.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2444801 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-220c4ca745' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.