pgAdmin 4 || vulnerable pip modules - Rogelio Villafana Sanchez

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Rogelio Villafana Sanchez <[email protected]>
To: [email protected] <[email protected]>
Cc: Rogelio Villafana Sanchez <[email protected]>
Cc: Akshay Swami <[email protected]>
Cc: Manas . <[email protected]>
Subject: pgAdmin 4 || vulnerable pip modules
Date: Mon, 16 Feb 2026 19:40:00 +0000
Message-ID: <VI0PR06MB1016513F4D4341D6DF6A823B3E36CA@VI0PR06MB10165.eurprd06.prod.outlook.com> (raw)

Hello PGAdmin support team,

Three weeks ago, we completed the upgrade of PGAdmin to v9.11, yet in our last vulnerabilities scan report, several pip modules came in the picture as vulnerable version.
As these are modules which come embedded in the site packages installer, we would like to confirm below question with you.

  1.  Any existing/coming version that fix shared CVEs?
  2.  Will it be in their roadmap. If yes when is the plan to fix it?
  3.  Can we delete those files do we see any impact?
  4.  We can see v9.12 was just released, but does this version fix the CVEs or have the modules on fixed version?
  5.  Also, we know these CVEs might be false positive if yes, please share the description.

CVE-2025-68146
CVE-2025-68158
CVE-2025-69277
CVE-2026-0994
CVE-2026-21226
CVE-2026-21441
CVE-2026-21860
CVE-2026-22701
CVE-2026-22702
CVE-2026-23490
CVE-2026-23949
CVE-2026-24049
CVE-2026-26007

Rogelio Villafaña
DevOps Specialist | ATT BSSe
[Shape  Description automatically generated with medium confidence]

This email and the information contained herein is proprietary and confidential and subject to the Amdocs Email Terms of Service, which you may review at https://www.amdocs.com/about/email-terms-of-service <https://www.amdocs.com/about/email-terms-of-service;

Attachments:

  [image/gif] image001.gif (532.0K, 3-image001.gif)
  download | view image

  [application/vnd.openxmlformats-officedocument.spreadsheetml.sheet] pgAdmin_vulnerabilities.xlsx (18.5K, 4-pgAdmin_vulnerabilities.xlsx)
  download

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: pgAdmin 4 || vulnerable pip modules
  In-Reply-To: <VI0PR06MB1016513F4D4341D6DF6A823B3E36CA@VI0PR06MB10165.eurprd06.prod.outlook.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox