mariadb foundation
Databases, commercial
Latest CVEs
The 15 most recently published vulnerabilities affecting mariadb foundation.
- CVE-2026-32710: Heap-based Buffer Overflow in MariaDB (score 8.5)
- CVE-2026-3494: MariaDB Server Audit Plugin Comment Handling Bypass (score 4.3)
- CVE-2025-13699: MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability (score 7.0)
- CVE-2025-56404: An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation. (score 7.5)
- CVE-2025-30722: Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit ... (score 5.3)
- CVE-2023-52971: MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. (score 4.9)
- CVE-2023-52970: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. (score 4.9)
- CVE-2023-52969: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info ... (score 4.9)
- CVE-2023-52968: MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_de... (score 4.9)
- CVE-2024-27766: An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is... (score 5.7)
- CVE-2023-39593: Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundatio... (score 5.6)
- CVE-2023-26785: MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the Ma... (score 9.8)
- CVE-2023-5157: Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6 (score 7.5)
- CVE-2022-47015: MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. (score 6.5)
- CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (score 5.5)