Security

SECURITY.md

Security Policy

To report security vulnerabilities, please follow our special security policy. Do not report security issues in the public issue tracker.

unsafe parameter handing in `wsrep_notify_cmd`
GHSA-3p3m-4x7c-p4pw published Jun 2, 2026 by vuvova

Critical
unsafe usage of `wsrep_sst_receive_address` values on the joiner side
GHSA-7v3p-h23x-8hwv published Jun 2, 2026 by vuvova

High
wsrep SST unsafe parameter handling on the donor side (rsync)
GHSA-rpgv-q6gv-684r published Jun 2, 2026 by vuvova

High
FILE privilege was not checked for subqueries in the FROM clause
GHSA-667j-m53j-wpmc published May 18, 2026 by vuvova

Moderate
Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
GHSA-f835-cfjq-wf73 published May 18, 2026 by vuvova

Moderate
Authorization bypass in role-based routine-level privilege check exposes stored routine definitions
GHSA-22xq-vq3f-87x2 published May 18, 2026 by vuvova

Moderate
path traversal in mbstream
GHSA-9pjh-5hhw-65v9 published May 18, 2026 by vuvova

Moderate
wsrep SST unsafe parameter handling on the donor side
GHSA-vwf7-w26c-9w5h published May 18, 2026 by vuvova

High
mysql_real_escape_string() incorrectly handled big5
GHSA-pv9p-5w55-55jm published May 18, 2026 by vuvova

Moderate
Heap-based Buffer Overflow in MariaDB
GHSA-4rj5-2227-9wgc published Mar 20, 2026 by vuvova

High

Learn more about advisories related to MariaDB/server in the GitHub Advisory Database