PostgreSQL: PostgreSQL is now a CVE Numbering Authority (CNA)

February 26, 2026: PostgreSQL 18.3, 17.9, 16.13, 15.17, and 14.22 Released! Quick Links About Governance Policies Feature Matrix Donate History Sponsors Contributing Financial Servers Latest News Upcoming Events Past events Press Licence PostgreSQL is now a CVE Numbering Authority (CNA) Posted on 2024-01-18 by PostgreSQL Global Development Group PostgreSQL Project Security The PostgreSQL Security team is pleased to announce that PostgreSQL is now a CVE Numbering Authority (CNA). A CNA has responsibilities for assigning CVE IDs and participating in responsible disclosure with projects within its scope. You can find out more information about the role of PostgreSQL as a CNA on the PostgreSQL security page: https://www.postgresql.org/support/security/ The process for reporting a security vulnerability in PostgreSQL has not changed. If you believe you have discovered a security vulnerability in PostgreSQL, please send an email to security@postgresql.org. For more information on what is considered a vulnerability and the reporting process, please review the PostgreSQL security page: https://www.postgresql.org/support/security/ You can find the original announcement on PostgreSQL being added as a CNA on the CVE page: https://www.cve.org/Media/News/item/news/2024/01/16/PostgreSQL-Added-as-CNA