PostgreSQL is now a CVE Numbering Authority (CNA)

Posted on 2024-01-18 by PostgreSQL Global Development Group
PostgreSQL Project Security

The PostgreSQL Security team is pleased to announce that PostgreSQL is now a CVE Numbering Authority (CNA). A CNA has responsibilities for assigning CVE IDs and participating in responsible disclosure with projects within its scope. You can find out more information about the role of PostgreSQL as a CNA on the PostgreSQL security page:

The process for reporting a security vulnerability in PostgreSQL has not changed. If you believe you have discovered a security vulnerability in PostgreSQL, please send an email to For more information on what is considered a vulnerability and the reporting process, please review the PostgreSQL security page:

You can find the original announcement on PostgreSQL being added as a CNA on the CVE page: