Security Vulnerabilities Fixed in Oracle MySQL That Did Not Exist in MariaDB


CVE stands for "Common Vulnerabilities and Exposures". It is a publicly available and free to use database of known software vulnerabilities maintained at

CPU stands for "Critical Patch Update". Oracle publishes Critical Patch Update Advisories four times a year, on the Tuesday closest to the 17th day of January, April, July and October. MySQL vulnerabilities are included in these CPU Advisories.

Some vulnerabilities found in MySQL apply to MariaDB as well, they are listed on the Security page.

Other vulnerabilities found in MySQL do not apply to MariaDB.

This page lists all CVEs that were fixed in MySQL and mentioned in Oracle CPU Advisories, but that — to the best of our knowledge — were never present in MariaDB.

Full List of CVEs Fixed in Oracle MySQL That Never Existed in MariaDB

April 2024

January 2024

October 2023

July 2023

April 2023

January 2023

October 2022

July 2022

April 2022

January 2022

October 2021

July 2021

Apr 2021

Jan 2021

Oct 2020

Jul 2020

Apr 2020

Jan 2020

Oct 2019

July 2019

April 2019

January 2019

October 2018

July 2018

April 2018

January 2018

October 2017

July 2017

April 2017

January 2017

October 2016

July 2016

April 2016

January 2016

October 2015

July 2015

April 2015

October 2015

July 2014

April 2014

January 2014

October 2013

July 2013

April 2013

October 2012

April 2012


Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.