104 matches found
CVE-2022-31011
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
EUVD-2020-0044
Malware in sbrugna...
EUVD-2022-37871
Malicious code in bioql PyPI...
EUVD-2022-7269
Malicious code in bioql PyPI...
EUVD-2022-5925
Malicious code in bioql PyPI...
EUVD-2024-35387
Malicious code in bioql PyPI...
MAL-2025-36892 Malicious code in tidb-dashboard-ui (npm)
The package tidb-dashboard-ui was found to contain malicious code...
Malicious code in tidb-dashboard-ui (npm)
The package tidb-dashboard-ui was found to contain malicious code...
Malicious code in tidb-lightning-web (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6771 Malicious code in tidb-lightning-web (npm)
The package communicates with a domain associated with malicious activity...
CVE-2024-41433
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the securi...
CVE-2024-41434
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component Column.GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the retu...
CVE-2022-3023
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3...
CVE-2022-34969
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2024-33809
PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks...
CVE-2024-35618
PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer...
SUSE CVE-2024-37820
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...
GO-2024-3284 PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb
PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...
Buffer Overflow
github.com/pingcap/tidb is vulnerable to a Buffer Overflow. The vulnerability exists due to insufficient validation of the return type when checking the expression between 'Agg' and 'GroupBy', which allows an attacker to cause a Denial of Service (DoS) via crafted input during the...