Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@4.5.1
purl pkg:composer/phpmyadmin/phpmyadmin@4.5.1
Tags Ghost
Next non-vulnerable version 4.9.11
Latest non-vulnerable version 5.2.2
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-3yp5-vqej-r7hh
Aliases:
CVE-2016-2040
GHSA-pw34-qf6c-84fc
Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-k7kn-ynne-b3gv
Aliases:
CVE-2016-2559
GHSA-7rf8-9r8f-qf59
Cross-site Scripting A Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
4.5.5+1
Affected by 0 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-nfuk-7739-xqaw
Aliases:
CVE-2016-2562
GHSA-w8qg-j9fp-hrjf
Improper Input Validation The `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
4.5.5+1
Affected by 0 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-w37b-ep3h-tfaz
Aliases:
CVE-2016-2041
GHSA-8m97-xc46-rw9w
Covert Timing Channel `libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:29.006331+00:00 GHSA Importer Fixing VCID-27kp-82xd-cucw https://github.com/advisories/GHSA-5pmg-qh2c-7j24 38.1.0
2026-04-03T21:25:48.199851+00:00 GitLab Importer Fixing VCID-27kp-82xd-cucw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2015-7873.yml 38.1.0
2026-04-01T13:09:37.706138+00:00 GithubOSV Importer Fixing VCID-27kp-82xd-cucw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5pmg-qh2c-7j24/GHSA-5pmg-qh2c-7j24.json 38.0.0
2026-04-01T12:47:01.545971+00:00 GitLab Importer Affected by VCID-nfuk-7739-xqaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2562.yml 38.0.0
2026-04-01T12:47:01.518817+00:00 GitLab Importer Affected by VCID-k7kn-ynne-b3gv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2559.yml 38.0.0
2026-04-01T12:47:01.165550+00:00 GitLab Importer Affected by VCID-w37b-ep3h-tfaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2041.yml 38.0.0
2026-04-01T12:47:01.095445+00:00 GitLab Importer Affected by VCID-3yp5-vqej-r7hh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2040.yml 38.0.0