Security Vulnerabilities Fixed in MariaDB

This page is about security vulnerabilities fixed in MariaDB. If you are looking for information on securing your MariaDB installation, see Securing MariaDB.

Sensitive security issues can be reported on or sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.

About CVEs

CVE® stands for "Common Vulnerabilities and Exposures". It is a publicly available and free to use database of known software vulnerabilities maintained at

On this page is the master list of CVEs fixed across all versions of MariaDB. Follow the links to more information on a particular CVE or specific version of MariaDB.

Some CVEs apply to MySQL but are not present in MariaDB, these are listed on the Security Vulnerabilities fixed in Oracle MySQL that did not exist in MariaDB page.

Separate lists of CVEs fixed in specific MariaDB series are maintained on their individual "What is MariaDB x.x?" pages:

Full List of CVEs fixed in MariaDB

CVEs without specific version numbers:

The following CVEs were fixed in MariaDB 5.1 and/or MariaDB 5.5 as indicated, but the fix is not tied to a specific MariaDB version.


Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.