CRITICAL 9.1

GHSA-2rrx-pphc-qfv9

pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering

Details

pgAdmin <= 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability in query result rendering. An attacker can use it to execute arbitrary HTML/JavaScript in a user's browser.


Affected packages

PyPI / pgadmin4
Introduced in: 0
Fixed in: 9.2
Fix: pip install --upgrade 'pgadmin4>=9.2'
