Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/vrana/adminer@4.7.4
purl pkg:composer/vrana/adminer@4.7.4
Next non-vulnerable version 5.4.2
Latest non-vulnerable version 5.4.2
Risk
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-5tnq-1pgt-r7h5
Aliases:
CVE-2025-43960
GHSA-mqh4-2mm8-g7w9
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.
4.8.2
Affected by 1 other vulnerability.
VCID-78j5-x2za-jycs
Aliases:
CVE-2021-21311
GHSA-x5r2-hj5c-8jx6
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
4.7.9
Affected by 3 other vulnerabilities.
VCID-9b7j-199x-5qhk
Aliases:
CVE-2021-29625
GHSA-2v82-5746-vwqc
Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
4.8.1
Affected by 2 other vulnerabilities.
VCID-p2d1-95dg-hyh9
Aliases:
CVE-2020-35572
GHSA-9pgx-gcph-mpqr
Adminer through 4.7.8 allows XSS via the history parameter to the default URI.
4.7.9
Affected by 3 other vulnerabilities.
VCID-xz5e-9xfk-13gq
Aliases:
CVE-2026-25892
GHSA-q4f2-39gr-45jh
5.4.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T20:57:42.173505+00:00 GitLab Importer Affected by VCID-xz5e-9xfk-13gq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2026-25892.yml 38.6.0
2026-06-12T20:11:37.913767+00:00 GitLab Importer Affected by VCID-5tnq-1pgt-r7h5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2025-43960.yml 38.6.0
2026-06-12T17:39:57.001680+00:00 GitLab Importer Affected by VCID-9b7j-199x-5qhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2021-29625.yml 38.6.0
2026-06-12T17:33:24.939268+00:00 GitLab Importer Affected by VCID-78j5-x2za-jycs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2021-21311.yml 38.6.0
2026-06-12T17:33:20.458602+00:00 GitLab Importer Affected by VCID-p2d1-95dg-hyh9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/vrana/adminer/CVE-2020-35572.yml 38.6.0