Publish GHSA-xgrm-4fwx-7qm8

advisory-database[bot] · advisory-database[bot] · commit ab8621e50f97 · 2026-04-18T00:27:44.000Z
diff --git a/advisories/github-reviewed/2026/04/GHSA-xgrm-4fwx-7qm8/GHSA-xgrm-4fwx-7qm8.json b/advisories/github-reviewed/2026/04/GHSA-xgrm-4fwx-7qm8/GHSA-xgrm-4fwx-7qm8.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xgrm-4fwx-7qm8",
-  "modified": "2026-04-10T14:10:46Z",
+  "modified": "2026-04-18T00:25:53Z",
   "published": "2026-04-07T18:31:36Z",
   "aliases": [
     "CVE-2026-33815"
   ],
   "summary": "pgx contains memory-safety vulnerability",
-  "details": "[pgx](github.com/jackc/pgx/v5) is a pure Go driver and toolkit for PostgreSQL. pgx v5.9.1 and earlier contain a memory-safety vulnerability.",
+  "details": "[pgx](github.com/jackc/pgx/v5) is a pure Go driver and toolkit for PostgreSQL. pgx prior to v5.9.0 contains a memory-safety vulnerability.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "5.9.1"
+              "fixed": "5.9.0"
             }
           ]
         }
@@ -40,6 +40,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33815"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jackc/pgx/issues/2519"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jackc/pgx/issues/2530"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jackc/pgx/commit/6dbad4cafdb8a4daab7ff79c858c95da4b6109e8"
+    },
     {
       "type": "WEB",
       "url": "https://pkg.go.dev/vuln/GO-2026-4771"
