connect-pg-simple prior to 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
connect-pg-simple project connect-pg-simple