This page is about security vulnerabilities fixed in MariaDB. If you are looking for information on securing your MariaDB installation, see Securing MariaDB.

Sensitive security issues can be sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.

About CVEs

CVE® stands for "Common Vulnerabilities and Exposures". It is a publicly available and free to use database of known software vulnerabilities maintained at https://cve.mitre.org/

On this page is the master list of CVEs fixed across all versions of MariaDB. Follow the links to more information on a particular CVE or specific version of MariaDB.

Separate lists of CVEs fixed in specific MariaDB series are maintained on their individual "What is MariaDB x.x?" pages:

Full List of CVEs fixed in MariaDB

CVEs without specific version numbers:

The following CVEs were fixed in MariaDB 5.1 and/or MariaDB 5.5 as indicated, but the fix is not tied to a specific MariaDB version.

CVE's affecting Oracle MySQL

Oracle do not disclose vulnerability details, so there's no meaningful assessment that MariaDB can do based on the information that Oracle disclose. MariaDB is however based on MySQL 5.5, and is not believed to be affected by the following CVE's, which affect MySQL 5.6 only:

Comments

Comments loading...
Loading