There was recently bug in our bug tracker that we compete with Microsoft
to achieve highest number of security bugs. We definitely do not
compete! However there always be security issues in such big
Majority of them are XSS issues, which are hard to detect automatically,
so you either have to test various inputs or deeply analyze the code.
Most attackers choose testing method and it sometimes bring them fruit.
We try to fix any found issue as soon as possible, but it is not in our
possibilities to fix it for all past releases that might have been
included in some distribution.
Anyway I'd like to improve phpMyAdmin in this area and I think nobody
would object if somebody would help us with code audit. I'm not enough
experienced to see all possible flaws in code.