diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
index c8cd11e256823f981d7b0d76ba2d15dfd1d4cf09..29a7da4a967fd35be67738554db69960c091401d 100644
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -51,6 +51,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 Brakeman.debug "Processing possible SQL calls"
 calls.each { |call| process_result call }
+
+ check_CVE_2014_0080
 end
 #Find calls to named_scope() or scope() in models
@@ -638,6 +640,19 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 end
 end
+ # TODO: Move all SQL CVE checks to separate class
+ def check_CVE_2014_0080
+ return unless version_between? "4.0.0", "4.0.2" and
+ @tracker.config[:gems].include? :pg
+
+ warn :warning_type => 'SQL Injection',
+ :warning_code => :CVE_2014_0080,
+ :message => "Rails #{tracker.config[:rails_version]} contains a SQL injection vulnerability (CVE-2014-0080) with PostgreSQL. Upgrade to 4.0.3",
+ :confidence => CONFIDENCE[:high],
+ :file => gemfile_or_environment,
+ :link_path => "https://groups.google.com/d/msg/rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ"
+ end
+
 def upgrade_version? versions
 versions.each do |low, high, upgrade|
 return upgrade if version_between? low, high
diff --git a/lib/brakeman/warning_codes.rb b/lib/brakeman/warning_codes.rb
index 454e3017945b5d1ac5558fd5d92b65c97cf4c9ab..99a0ac16bbdd436f40d8d25bd1c18e01d27194cd 100644
--- a/lib/brakeman/warning_codes.rb
+++ b/lib/brakeman/warning_codes.rb
@@ -71,7 +71,8 @@ module Brakeman::WarningCodes
 :CVE_2013_6416_call => 68,
 :CVE_2013_6417 => 69,
 :mass_assign_permit! => 70,
- :ssl_verification_bypass => 71
+ :ssl_verification_bypass => 71,
+ :CVE_2014_0080 => 72,
 }
 def self.code name
diff --git a/test/apps/rails4/Gemfile b/test/apps/rails4/Gemfile
index d22b9e15ad3b96e503876b17bf2258f4d83fe6e4..a12d260db06e89120b4f6d1f830e64f5ea1e8bb4 100644
--- a/test/apps/rails4/Gemfile
+++ b/test/apps/rails4/Gemfile
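Review bot: `check_CVE_2014_0080` calls `.include?` on `@tracker.config[:gems]` without checking it is set, so if the tracker leaves `config[:gems]` nil for an app that has no Gemfile (not visible in this hunk, confirm in Tracker), the guard raises NoMethodError instead of returning, and because the first hunk calls this method unconditionally at the end of `run_check` that would abort the whole SQL check rather than just skip the CVE warning. A nil-safe guard also drops the low-precedence `and`, which reads as a precedence trap even though it parses correctly here: `gems = @tracker.config[:gems]` followed by `return unless version_between?("4.0.0", "4.0.2") && gems && gems.include?(:pg)`. The method reads `@tracker` on one line and the `tracker` accessor on the next; one spelling would be tidier. A header comment would spare the next person from re-reading the advisory before touching the bounds: `# CVE-2014-0080: PostgreSQL-only SQL injection in Rails 4.0.0-4.0.2, fixed in 4.0.3; only reported when the app declares the pg gem.`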
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '4.0.0'
-gem 'sqlite3'
+gem 'pg'
 # Gems used only for assets and not required
 # in production environments by default.
diff --git a/test/tests/rails4.rb b/test/tests/rails4.rb
index b88d9a9790571771536f8d6eb04e685b69a1afba..0a6401d40e6962e421efa3be907350663bf4b1b1 100644
--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
@@ -15,7 +15,7 @@ class Rails4Tests < Test::Unit::TestCase
 :controller => 0,
 :model => 1,
 :template => 1,
- :generic => 18
+ :generic => 19
 }
 end
@@ -260,6 +260,18 @@ class Rails4Tests < Test::Unit::TestCase
 :user_input => nil
 end
+
+ def test_sql_injection_CVE_2014_0080
+ assert_warning :type => :warning,
+ :warning_code => 72,
+ :fingerprint => "0ba20216bdda1cc067f9e4795bdb0d9224fd23c58317ecc09db67b6b38a2d0f0",
+ :warning_type => "SQL Injection",
+ :line => nil,
+ :message => /^Rails\ 4\.0\.0\ contains\ a\ SQL\ injection\ vul/,
+ :confidence => 0,
+ :relative_path => "Gemfile",
+ :user_input => nil
+ end
+
 def test_mass_assignment_with_permit!
 assert_warning :type => :warning,
 :warning_code => 70,
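Review bot: `test_sql_injection_CVE_2014_0080` pins only the positive case (the rails4 fixture on Rails 4.0.0 with `pg`), so neither side of the new gate is exercised: nothing asserts that a patched Rails or an app without `pg` stays silent, and a mistyped upper bound in the check would still pass. If another fixture in the suite runs 4.0.x without `pg` or a fixed version with it, an `assert_no_warning :warning_code => 72` there (assuming the test helper offers that method) would cover the gate; failing that, a one-line comment on the test noting that the negative side is untested is the minimum. Switching the shared rails4 fixture from `sqlite3` to `pg` also affects every other test that reads this Gemfile, which the `:generic` count bump in the first hunk suggests was checked, but it is worth stating in the commit message.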