MariaDB
This hub aggregates every CVE we track for MariaDB, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 423
- Critical: 9
- High: 73
- In CISA KEV: 0
Severity distribution
- MEDIUM: 292
- HIGH: 73
- LOW: 49
- CRITICAL: 9
Monthly trend
Chart covering 2024-07 to 2026-06; values in the order shown: 0, 0, 0, 3, 0, 0, 0, 0, 4, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 2, 1, 0, 9
Latest CVEs
The 15 most recently published vulnerabilities affecting MariaDB.
- CVE-2026-48165: MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side (score 8.0)
- CVE-2026-48163: MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) (score 8.0)
- CVE-2026-44173: MariaDB: FILE privilege was not checked for subqueries in the FROM clause (score 5.0)
- CVE-2026-44172: MariaDB: mysql_real_escape_string() incorrectly handled big5 (score 9.8)
- CVE-2026-44171: MariaDB: path traversal in mbstream (score 6.3)
- CVE-2026-44169: MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions (score 4.3)
- CVE-2026-44168: MariaDB: wsrep SST unsafe parameter handling on the donor side (score 8.0)
- CVE-2026-44170: MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL (score 9.8)
- CVE-2026-49261: MariaDB server has unsafe parameter handling in `wsrep_notify_cmd` (score 10.0)
- CVE-2026-35549: An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user... (score 6.5)
- CVE-2026-32710: Heap-based Buffer Overflow in MariaDB (score 8.5)
- CVE-2026-3494: MariaDB Server Audit Plugin Comment Handling Bypass (score 4.3)
- CVE-2025-13699: MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability (score 7.0)
- CVE-2025-30722: Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit ... (score 5.3)
- CVE-2023-52971: MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. (score 4.9)
Product normalization is registry-driven with AI assist and human review.