Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@4.4.14%2B1
purl pkg:composer/phpmyadmin/phpmyadmin@4.4.14%2B1
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-7udu-bp8s-t7es
Aliases:
CVE-2017-1000013
GHSA-5h5m-fj48-qpjw
phpMyAdmin Open Redirect phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
4.4.15+10
Affected by 2 other vulnerabilities.
4.6.6
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-84pb-neh5-73by
Aliases:
CVE-2016-2041
GHSA-8m97-xc46-rw9w
phpMyAdmin Unsafe comparison of XSRF/CSRF token libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
4.4.15+3
Affected by 2 other vulnerabilities.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-p8xn-tscc-4qhu
Aliases:
CVE-2017-1000015
GHSA-3fgq-cmr4-97rr
4.4.15+10
Affected by 2 other vulnerabilities.
4.6.6
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-qxgd-ufvd-nue7
Aliases:
CVE-2016-2040
GHSA-pw34-qf6c-84fc
phpMyAdmin XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
4.4.15+3
Affected by 2 other vulnerabilities.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-zxus-a2uc-aqe8
Aliases:
CVE-2017-1000014
GHSA-9hrc-rwrq-v6mh
4.4.15+10
Affected by 2 other vulnerabilities.
4.6.6
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-02T12:42:42.174327+00:00 GHSA Importer Fixing VCID-49vs-6j8s-pkey https://github.com/advisories/GHSA-v6fh-vg22-r6cm 37.0.0
2025-08-02T09:10:21.018357+00:00 GitLab Importer Fixing VCID-49vs-6j8s-pkey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2015-6830.yml 37.0.0
2025-07-31T09:21:57.564098+00:00 GitLab Importer Affected by VCID-zxus-a2uc-aqe8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2017-1000014.yml 37.0.0
2025-07-31T09:21:57.311744+00:00 GitLab Importer Affected by VCID-7udu-bp8s-t7es https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2017-1000013.yml 37.0.0
2025-07-31T09:21:56.441158+00:00 GitLab Importer Affected by VCID-p8xn-tscc-4qhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2017-1000015.yml 37.0.0
2025-07-31T09:21:25.934933+00:00 GitLab Importer Affected by VCID-84pb-neh5-73by https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2041.yml 37.0.0
2025-07-31T09:21:25.757719+00:00 GitLab Importer Affected by VCID-qxgd-ufvd-nue7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2040.yml 37.0.0
2025-07-31T09:10:29.499297+00:00 GithubOSV Importer Fixing VCID-49vs-6j8s-pkey https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v6fh-vg22-r6cm/GHSA-v6fh-vg22-r6cm.json 37.0.0