CVE-2026-33815: pgx contains memory-safety vulnerability

April 7, 2026 (updated April 18, 2026)

pgx is a pure Go driver and toolkit for PostgreSQL. pgx prior to v5.9.0 contains a memory-safety vulnerability.

References

github.com/advisories/GHSA-xgrm-4fwx-7qm8
github.com/jackc/pgx/commit/6dbad4cafdb8a4daab7ff79c858c95da4b6109e8
github.com/jackc/pgx/issues/2519
github.com/jackc/pgx/issues/2530
nvd.nist.gov/vuln/detail/CVE-2026-33815
pkg.go.dev/vuln/GO-2026-4771

Code Behaviors & Features

Detect and mitigate CVE-2026-33815 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →