mariadb

423 tracked vulnerabilities.

CVE-2026-48165 HIGH
MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side
Jun 12, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-48163 HIGH
MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)
Jun 12, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-44173 MEDIUM
MariaDB: FILE privilege was not checked for subqueries in the FROM clause
Jun 12, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-44172 CRITICAL
MariaDB: mysql_real_escape_string() incorrectly handled big5
Jun 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-44171 MEDIUM
MariaDB: path traversal in mbstream
Jun 12, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-44170 CRITICAL
MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
Jun 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-44169 MEDIUM
MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions
Jun 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44168 HIGH
MariaDB: wsrep SST unsafe parameter handling on the donor side
Jun 12, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-49261 CRITICAL
MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
Jun 11, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-35549 MEDIUM
MariaDB <11.4.10, 11.5-11.8.5, 12-12.2.1 - DoS
Apr 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32710 HIGH
Heap-based Buffer Overflow in MariaDB
Mar 20, 2026
CVSS 8.5
EPSS 0.01
CVE-2026-3494 MEDIUM
MariaDB <=11.8.5 - Audit Log Bypass
Mar 03, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-13699 HIGH
MariaDB >= 11.8.3 - Remote Code Execution via Directory Traversal in mariadb-dump Utility
Dec 23, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-56404 HIGH
MariaDB MCP 0.1.0 - Unauthenticated Sensitive Information Exposure via SSE Service
Sep 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-27766 MEDIUM
MariaDB 11.1 - Remote Code Execution via lib_mysqludf_sys.so Function
Oct 17, 2024
CVSS 5.7
EPSS 0.01
CVE-2023-52971 MEDIUM
MariaDB Server <11.5 - Info Disclosure
Mar 08, 2025
CVSS 4.9
EPSS 0.00
CVE-2023-52970 MEDIUM
MariaDB Server <11.5 - Info Disclosure
Mar 08, 2025
CVSS 4.9
EPSS 0.00
CVE-2023-52969 MEDIUM
MariaDB Server <11.1.* - Info Disclosure
Mar 08, 2025
CVSS 4.9
EPSS 0.00
CVE-2023-52968 MEDIUM
MariaDB Server <10.4.33-11.1.4 - Crash
Mar 08, 2025
CVSS 4.9
EPSS 0.00
CVE-2023-39593 MEDIUM
MariaDB - Authenticated Command Injection via sys_exec Function
Oct 17, 2024
CVSS 5.6
EPSS 0.01
CVE-2023-26785 CRITICAL
MariaDB 10.5 - Remote Code Execution via UDF Shared Object File
Oct 17, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-22084 MEDIUM
MySQL Server <8.0.34, <5.7.44 - DoS
Oct 17, 2023
CVSS 4.9
EPSS 0.02
CVE-2023-5157 HIGH
MariaDB < 10.3.36 - Denial of Service via OpenVAS Port Scan
Sep 27, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-40354 MEDIUM
MariaDB MaxScale < 2.5.28 - Cleartext Storage of Sensitive Information in Configuration File
Aug 14, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-47015 MEDIUM
MariaDB Server <10.3.34-10.9.3 - DoS
Jan 20, 2023
CVSS 6.5
EPSS 0.01