Package Instance

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20270

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20270

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664
reference_id	984664
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664

reference_url

reference_id

AVG-1662

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45362

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3252
reference_id	RHSA-2021:3252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3252

reference_url	https://access.redhat.com/errata/RHSA-2021:4139
reference_id	RHSA-2021:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4139

reference_url	https://access.redhat.com/errata/RHSA-2021:4150
reference_id	RHSA-2021:4150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4150

reference_url	https://access.redhat.com/errata/RHSA-2021:4151
reference_id	RHSA-2021:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4151

reference_url	https://usn.ubuntu.com/4885-1/
reference_id	USN-4885-1
reference_type
scores
url	https://usn.ubuntu.com/4885-1/

reference_url	https://usn.ubuntu.com/4897-2/
reference_id	USN-4897-2
reference_type
scores
url	https://usn.ubuntu.com/4897-2/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-20270, GHSA-9w8r-397f-prfh, PYSEC-2021-140

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1na8-nyq1-yfcy

url VCID-2xja-2whv-fqe4

vulnerability_id VCID-2xja-2whv-fqe4

summary mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json

reference_url

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60186
published_at	2026-04-02T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60211
published_at	2026-04-04T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.6018
published_at	2026-04-07T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.6023
published_at	2026-04-08T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60244
published_at	2026-04-09T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60265
published_at	2026-04-11T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60251
published_at	2026-04-12T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60234
published_at	2026-04-13T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60273
published_at	2026-04-16T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60281
published_at	2026-04-18T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60267
published_at	2026-04-21T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60239
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2247805
reference_id	2247805
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2247805

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-45362

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xja-2whv-fqe4

url VCID-32f4-khen-3yez

vulnerability_id VCID-32f4-khen-3yez

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30159

reference_id

reference_type

scores

value	0.00866
scoring_system	epss
scoring_elements	0.75081
published_at	2026-04-01T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75083
published_at	2026-04-02T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75112
published_at	2026-04-04T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75089
published_at	2026-04-07T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75123
published_at	2026-04-08T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75135
published_at	2026-04-12T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75157
published_at	2026-04-11T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75124
published_at	2026-04-13T12:55:00Z

value	0.00873
scoring_system	epss
scoring_elements	0.75322
published_at	2026-04-24T12:55:00Z

value	0.00873
scoring_system	epss
scoring_elements	0.75289
published_at	2026-04-16T12:55:00Z

value	0.00873
scoring_system	epss
scoring_elements	0.75296
published_at	2026-04-18T12:55:00Z

value	0.00873
scoring_system	epss
scoring_elements	0.75287
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948638
reference_id	1948638
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948638

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30159

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32f4-khen-3yez

url VCID-424y-cjxg-c7az

vulnerability_id VCID-424y-cjxg-c7az

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25815

reference_id

reference_type

scores

value	0.00387
scoring_system	epss
scoring_elements	0.5982
published_at	2026-04-24T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5985
published_at	2026-04-21T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59866
published_at	2026-04-18T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59859
published_at	2026-04-16T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59839
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59856
published_at	2026-04-11T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59835
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59822
published_at	2026-04-13T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5977
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59703
published_at	2026-04-01T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59801
published_at	2026-04-04T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59777
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25815

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815

reference_url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25815

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25815

reference_url

https://phabricator.wikimedia.org/T256171

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T256171

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903759
reference_id	1903759
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903759

reference_url

https://github.com/advisories/GHSA-2f58-vf6g-6p8x

reference_id

GHSA-2f58-vf6g-6p8x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2f58-vf6g-6p8x

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25815, GHSA-2f58-vf6g-6p8x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-424y-cjxg-c7az

url VCID-4dfp-3qk9-j7fg

vulnerability_id VCID-4dfp-3qk9-j7fg

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-35197

reference_id

reference_type

scores

value	0.0073
scoring_system	epss
scoring_elements	0.72618
published_at	2026-04-01T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72626
published_at	2026-04-02T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72644
published_at	2026-04-04T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72621
published_at	2026-04-07T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.7266
published_at	2026-04-08T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72673
published_at	2026-04-09T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72696
published_at	2026-04-11T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-12T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72669
published_at	2026-04-13T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72711
published_at	2026-04-16T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72723
published_at	2026-04-18T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72714
published_at	2026-04-21T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72756
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1980308
reference_id	1980308
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1980308

reference_url	https://security.archlinux.org/ASA-202107-7
reference_id	ASA-202107-7
reference_type
scores
url	https://security.archlinux.org/ASA-202107-7

reference_url

https://security.archlinux.org/AVG-2093

reference_id

AVG-2093

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2093

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-35197

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dfp-3qk9-j7fg

url VCID-674z-nf4t-b7ez

vulnerability_id VCID-674z-nf4t-b7ez

summary

Cross-domain cookie leakage in Guzzle
### Impact

Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the `Set-Cookie` header, allowing a malicious server to set cookies for unrelated domains. For example an attacker at `www.example.com` might set a session cookie for `api.example.net`, logging the Guzzle client into their account and retrieving private API requests from the security log of their account.

Note that our cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with `['cookies' => true]` are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.3 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.6 or 7.4.3.

### Workarounds

If you do not need support for cookies, turn off the cookie middleware. It is already off by default, but if you have turned it on and no longer need it, turn it off.

### References

* [RFC6265 Section 5.3](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3)
* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29248

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70414
published_at	2026-04-02T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70546
published_at	2026-04-24T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70515
published_at	2026-04-18T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70507
published_at	2026-04-16T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70465
published_at	2026-04-13T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.7048
published_at	2026-04-12T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70495
published_at	2026-04-21T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70471
published_at	2026-04-09T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70455
published_at	2026-04-08T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.7041
published_at	2026-04-07T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70431
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml

reference_url

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab

reference_url

https://github.com/guzzle/guzzle/pull/3018

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://github.com/guzzle/guzzle/pull/3018

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29248

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29248

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://www.drupal.org/sa-core-2022-010

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://www.drupal.org/sa-core-2022-010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636
reference_id	1011636
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-cwmx-hcrq-mhc3

reference_url

reference_id

GHSA-cwmx-hcrq-mhc3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cwmx-hcrq-mhc3

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-29248, GHSA-cwmx-hcrq-mhc3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-674z-nf4t-b7ez

url VCID-6ads-gs3n-dubh

vulnerability_id VCID-6ads-gs3n-dubh

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30458

reference_id

reference_type

scores

value	0.00214
scoring_system	epss
scoring_elements	0.43931
published_at	2026-04-01T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43954
published_at	2026-04-13T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43969
published_at	2026-04-12T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43984
published_at	2026-04-09T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43982
published_at	2026-04-08T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43932
published_at	2026-04-07T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.44002
published_at	2026-04-11T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.4398
published_at	2026-04-02T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58825
published_at	2026-04-24T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58859
published_at	2026-04-16T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58864
published_at	2026-04-18T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58842
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30458

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml

reference_url

https://github.com/wikimedia/mediawiki-services-parsoid

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki-services-parsoid

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-30458

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-30458

reference_url

https://phabricator.wikimedia.org/T279451

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T279451

reference_url

https://www.mediawiki.org/wiki/Parsoid

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Parsoid

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-5pqx-77vf-85rw

reference_url

reference_id

GHSA-5pqx-77vf-85rw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5pqx-77vf-85rw

reference_url

https://security.gentoo.org/glsa/202107-40

reference_id

GLSA-202107-40

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30458, GHSA-5pqx-77vf-85rw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ads-gs3n-dubh

url VCID-73p6-esc6-tydd

vulnerability_id VCID-73p6-esc6-tydd

summary mediawiki: potential XSS via MediaWiki:blanknamespace outputting Block Logs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35478

reference_id

reference_type

scores

value	0.00446
scoring_system	epss
scoring_elements	0.63353
published_at	2026-04-01T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63413
published_at	2026-04-02T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63441
published_at	2026-04-04T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63406
published_at	2026-04-07T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63457
published_at	2026-04-08T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63475
published_at	2026-04-09T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63492
published_at	2026-04-11T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63477
published_at	2026-04-12T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63442
published_at	2026-04-13T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63476
published_at	2026-04-16T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63483
published_at	2026-04-18T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63469
published_at	2026-04-21T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63487
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909234
reference_id	1909234
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909234

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35478

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73p6-esc6-tydd

url VCID-7ar6-14bb-yfc5

vulnerability_id VCID-7ar6-14bb-yfc5

summary mediawiki: divergent behavior for contributions and user pages of hidden users and missing users

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35480

reference_id

reference_type

scores

value	0.00344
scoring_system	epss
scoring_elements	0.56945
published_at	2026-04-01T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5704
published_at	2026-04-02T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57062
published_at	2026-04-04T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57039
published_at	2026-04-07T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5709
published_at	2026-04-08T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57092
published_at	2026-04-09T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57104
published_at	2026-04-11T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57083
published_at	2026-04-18T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57059
published_at	2026-04-13T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57086
published_at	2026-04-16T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5706
published_at	2026-04-21T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.56995
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909240
reference_id	1909240
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909240

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35480

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ar6-14bb-yfc5

url VCID-7eba-7gsc-hbfg

vulnerability_id VCID-7eba-7gsc-hbfg

summary

X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_id

reference_type

scores

value	0.00251
scoring_system	epss
scoring_elements	0.48426
published_at	2026-04-02T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48509
published_at	2026-04-16T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48459
published_at	2026-04-13T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48447
published_at	2026-04-12T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48473
published_at	2026-04-11T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48449
published_at	2026-04-09T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48455
published_at	2026-04-08T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48401
published_at	2026-04-07T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48448
published_at	2026-04-04T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52545
published_at	2026-04-24T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52594
published_at	2026-04-21T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52609
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_url

https://phabricator.wikimedia.org/T285159

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://phabricator.wikimedia.org/T285159

reference_url

https://www.debian.org/security/2023/dsa-5447

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://www.debian.org/security/2023/dsa-5447

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627
reference_id	2183627
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_id

CVE-2023-29141

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_id

GHSA-5vj8-g3qg-4qh6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_id

ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

reference_id

ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg

url VCID-7j54-uz1w-y3dn

vulnerability_id VCID-7j54-uz1w-y3dn

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41801

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59327
published_at	2026-04-24T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59219
published_at	2026-04-01T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59293
published_at	2026-04-02T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59317
published_at	2026-04-04T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59281
published_at	2026-04-07T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59332
published_at	2026-04-08T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59345
published_at	2026-04-09T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59364
published_at	2026-04-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59348
published_at	2026-04-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5933
published_at	2026-04-13T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59362
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59369
published_at	2026-04-18T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5935
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41801

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j54-uz1w-y3dn

url VCID-7m3q-wuh7-k7fn

vulnerability_id VCID-7m3q-wuh7-k7fn

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30154

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.7434
published_at	2026-04-24T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74306
published_at	2026-04-21T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74316
published_at	2026-04-18T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78142
published_at	2026-04-02T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78154
published_at	2026-04-07T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78181
published_at	2026-04-08T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78187
published_at	2026-04-09T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78212
published_at	2026-04-11T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78195
published_at	2026-04-12T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78191
published_at	2026-04-13T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78133
published_at	2026-04-01T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78172
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946690
reference_id	1946690
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946690

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30154

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m3q-wuh7-k7fn

url VCID-812q-n5hg-u7dx

vulnerability_id VCID-812q-n5hg-u7dx

summary mediawiki: message recentchanges-legend-watchlistexpiry can contain raw html

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35474

reference_id

reference_type

scores

value	0.00468
scoring_system	epss
scoring_elements	0.64378
published_at	2026-04-01T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64432
published_at	2026-04-02T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64462
published_at	2026-04-04T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64422
published_at	2026-04-07T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.6447
published_at	2026-04-08T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64486
published_at	2026-04-09T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64501
published_at	2026-04-11T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64489
published_at	2026-04-12T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64461
published_at	2026-04-13T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64495
published_at	2026-04-16T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64507
published_at	2026-04-18T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64499
published_at	2026-04-21T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.6452
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909227
reference_id	1909227
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909227

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35474

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-812q-n5hg-u7dx

url VCID-8sqw-6aae-13f5

vulnerability_id VCID-8sqw-6aae-13f5

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30157

reference_id

reference_type

scores

value	0.00734
scoring_system	epss
scoring_elements	0.72837
published_at	2026-04-24T12:55:00Z

value	0.00734
scoring_system	epss
scoring_elements	0.72793
published_at	2026-04-16T12:55:00Z

value	0.00734
scoring_system	epss
scoring_elements	0.72804
published_at	2026-04-18T12:55:00Z

value	0.00734
scoring_system	epss
scoring_elements	0.72796
published_at	2026-04-21T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77024
published_at	2026-04-04T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77037
published_at	2026-04-08T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77047
published_at	2026-04-09T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77076
published_at	2026-04-11T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77055
published_at	2026-04-12T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.7705
published_at	2026-04-13T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.76989
published_at	2026-04-01T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77005
published_at	2026-04-07T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.76995
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946692
reference_id	1946692
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946692

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30157

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqw-6aae-13f5

url VCID-92hf-r3sb-jbhy

vulnerability_id VCID-92hf-r3sb-jbhy

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44855

reference_id

reference_type

scores

value	0.00458
scoring_system	epss
scoring_elements	0.6389
published_at	2026-04-01T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.6395
published_at	2026-04-02T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64026
published_at	2026-04-24T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64016
published_at	2026-04-11T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64002
published_at	2026-04-12T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63972
published_at	2026-04-13T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64007
published_at	2026-04-21T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64019
published_at	2026-04-18T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63977
published_at	2026-04-04T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63936
published_at	2026-04-07T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63987
published_at	2026-04-08T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64004
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156318
reference_id	2156318
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156318

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/

url

https://phabricator.wikimedia.org/T293589

reference_url

reference_id

T293589

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/

url

https://phabricator.wikimedia.org/T293589

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44855

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92hf-r3sb-jbhy

url VCID-9346-9aaj-fkfw

vulnerability_id VCID-9346-9aaj-fkfw

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41765

reference_id

reference_type

scores

value	0.00257
scoring_system	epss
scoring_elements	0.49119
published_at	2026-04-24T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49088
published_at	2026-04-02T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49112
published_at	2026-04-12T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49118
published_at	2026-04-13T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49163
published_at	2026-04-16T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49161
published_at	2026-04-18T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49129
published_at	2026-04-21T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49117
published_at	2026-04-04T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.4907
published_at	2026-04-07T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49124
published_at	2026-04-08T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49121
published_at	2026-04-09T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49138
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156329
reference_id	2156329
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156329

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/

url

https://phabricator.wikimedia.org/T309894

reference_url

reference_id

T309894

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/

url

https://phabricator.wikimedia.org/T309894

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-41765

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9346-9aaj-fkfw

url VCID-9exs-x5s1-4bhg

vulnerability_id VCID-9exs-x5s1-4bhg

summary

Failure to strip the Cookie header on change in host or HTTP downgrade
### Impact

`Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.

### Workarounds

An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

### References

* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31042

reference_id

reference_type

scores

value	0.01454
scoring_system	epss
scoring_elements	0.80753
published_at	2026-04-02T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80864
published_at	2026-04-24T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80841
published_at	2026-04-21T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80838
published_at	2026-04-16T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80801
published_at	2026-04-13T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80809
published_at	2026-04-12T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80824
published_at	2026-04-11T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80807
published_at	2026-04-09T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80799
published_at	2026-04-08T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80771
published_at	2026-04-07T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80774
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31042

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31042

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
reference_id	1012821
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-f2wf-25xc-69c9

reference_url

reference_id

GHSA-f2wf-25xc-69c9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f2wf-25xc-69c9

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31042, GHSA-f2wf-25xc-69c9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9exs-x5s1-4bhg

url VCID-9g1g-z7d8-c7ah

vulnerability_id VCID-9g1g-z7d8-c7ah

summary

Regular Expression Denial of Service in papaparse
Versions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service.


## Recommendation

Upgrade to version 5.2.0 or later.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36649

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62468
published_at	2026-04-24T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62419
published_at	2026-04-08T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62458
published_at	2026-04-21T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62474
published_at	2026-04-18T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62467
published_at	2026-04-16T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62423
published_at	2026-04-13T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62445
published_at	2026-04-12T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62455
published_at	2026-04-11T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62317
published_at	2026-04-01T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62375
published_at	2026-04-02T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62405
published_at	2026-04-04T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.6237
published_at	2026-04-07T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62436
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36649

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649

reference_url

https://github.com/mholt/PapaParse

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse

reference_url

https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621

reference_url

https://github.com/mholt/PapaParse/issues/777

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/issues/777

reference_url

https://github.com/mholt/PapaParse/pull/779

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/pull/779

reference_url

https://github.com/mholt/PapaParse/releases/tag/5.2.0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/releases/tag/5.2.0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36649

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36649

reference_url

https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258

reference_url

https://vuldb.com/?ctiid.218004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://vuldb.com/?ctiid.218004

reference_url

https://vuldb.com/?id.218004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://vuldb.com/?id.218004

reference_url	https://www.npmjs.com/advisories/1515
reference_id
reference_type
scores
url	https://www.npmjs.com/advisories/1515

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160359
reference_id	2160359
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160359

reference_url

https://github.com/advisories/GHSA-qvjc-g5vr-mfgr

reference_id

GHSA-qvjc-g5vr-mfgr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qvjc-g5vr-mfgr

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-36649, GHSA-qvjc-g5vr-mfgr, GMS-2020-421

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9g1g-z7d8-c7ah

url VCID-9nnu-4mda-7qg9

vulnerability_id VCID-9nnu-4mda-7qg9

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41798

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.36614
published_at	2026-04-01T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36769
published_at	2026-04-02T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36801
published_at	2026-04-04T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36637
published_at	2026-04-07T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36688
published_at	2026-04-08T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36705
published_at	2026-04-09T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36714
published_at	2026-04-11T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36679
published_at	2026-04-12T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36653
published_at	2026-04-13T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36698
published_at	2026-04-16T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.3668
published_at	2026-04-18T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.3662
published_at	2026-04-21T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36396
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009507
reference_id	2009507
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009507

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31090

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41798

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nnu-4mda-7qg9

url VCID-9xyz-wzr8-wqhz

vulnerability_id VCID-9xyz-wzr8-wqhz

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	0.03005
scoring_system	epss
scoring_elements	0.86529
published_at	2026-04-02T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86609
published_at	2026-04-24T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86599
published_at	2026-04-18T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86594
published_at	2026-04-16T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86576
published_at	2026-04-09T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86567
published_at	2026-04-08T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86547
published_at	2026-04-07T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86548
published_at	2026-04-04T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.8658
published_at	2026-04-13T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86587
published_at	2026-04-12T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86591
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md

reference_url

https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md

reference_url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31090

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31090

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
reference_id	1014492
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-25mq-v84q-4j7r

reference_url

reference_id

GHSA-25mq-v84q-4j7r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-25mq-v84q-4j7r

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31090, GHSA-25mq-v84q-4j7r, GMS-2022-2528

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyz-wzr8-wqhz

url VCID-ad34-frk5-kqds

vulnerability_id VCID-ad34-frk5-kqds

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30158

reference_id

reference_type

scores

value	0.0061
scoring_system	epss
scoring_elements	0.69825
published_at	2026-04-24T12:55:00Z

value	0.0061
scoring_system	epss
scoring_elements	0.69784
published_at	2026-04-16T12:55:00Z

value	0.0061
scoring_system	epss
scoring_elements	0.69794
published_at	2026-04-18T12:55:00Z

value	0.0061
scoring_system	epss
scoring_elements	0.69775
published_at	2026-04-21T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69816
published_at	2026-04-04T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69841
published_at	2026-04-08T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69856
published_at	2026-04-09T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69879
published_at	2026-04-11T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69864
published_at	2026-04-12T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69851
published_at	2026-04-13T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69788
published_at	2026-04-01T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69793
published_at	2026-04-07T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69801
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946698
reference_id	1946698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946698

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30158

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad34-frk5-kqds

url VCID-arzd-7xhw-qqb4

vulnerability_id VCID-arzd-7xhw-qqb4

summary

OATHAuth extension in MediaWiki is not implementing rate limit
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25827

reference_id

reference_type

scores

value	0.00239
scoring_system	epss
scoring_elements	0.46977
published_at	2026-04-24T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46991
published_at	2026-04-21T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4699
published_at	2026-04-13T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46988
published_at	2026-04-08T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46987
published_at	2026-04-04T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4697
published_at	2026-04-02T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46934
published_at	2026-04-07T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47042
published_at	2026-04-18T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.47046
published_at	2026-04-16T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46983
published_at	2026-04-12T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4701
published_at	2026-04-11T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46985
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25827

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25827

reference_url

https://phabricator.wikimedia.org/T251661

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T251661

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903761
reference_id	1903761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903761

reference_url

https://github.com/advisories/GHSA-rqvj-fc2x-99q6

reference_id

GHSA-rqvj-fc2x-99q6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rqvj-fc2x-99q6

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25827, GHSA-rqvj-fc2x-99q6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4

url VCID-av7r-cpew-xkcn

vulnerability_id VCID-av7r-cpew-xkcn

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-45038

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.55952
published_at	2026-04-01T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56064
published_at	2026-04-02T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56084
published_at	2026-04-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56063
published_at	2026-04-07T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56114
published_at	2026-04-08T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56119
published_at	2026-04-09T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56131
published_at	2026-04-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56108
published_at	2026-04-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56091
published_at	2026-04-13T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56126
published_at	2026-04-16T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56128
published_at	2026-04-18T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56098
published_at	2026-04-21T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56024
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-45038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2036704
reference_id	2036704
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2036704

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-45038

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-av7r-cpew-xkcn

url VCID-azup-qzq7-sbh6

vulnerability_id VCID-azup-qzq7-sbh6

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25814

reference_id

reference_type

scores

value	0.00336
scoring_system	epss
scoring_elements	0.56401
published_at	2026-04-24T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56468
published_at	2026-04-21T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56498
published_at	2026-04-18T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56464
published_at	2026-04-13T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56483
published_at	2026-04-12T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56507
published_at	2026-04-11T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56497
published_at	2026-04-16T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56441
published_at	2026-04-07T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56492
published_at	2026-04-08T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.5646
published_at	2026-04-04T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56437
published_at	2026-04-02T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56339
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25814

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25814

reference_url

https://phabricator.wikimedia.org/T86738

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T86738

reference_url

https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903774
reference_id	1903774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903774

reference_url

https://github.com/advisories/GHSA-4vr7-m8p8-434h

reference_id

GHSA-4vr7-m8p8-434h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4vr7-m8p8-434h

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25814, GHSA-4vr7-m8p8-434h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6

url VCID-b8r6-r39r-3ffm

vulnerability_id VCID-b8r6-r39r-3ffm

summary MediaWiki: Manualthumb bypasses badFile lookup

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36674

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13455
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13329
published_at	2026-04-24T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13336
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13243
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13241
published_at	2026-04-18T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13321
published_at	2026-04-21T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13518
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13312
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13394
published_at	2026-04-08T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13444
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13418
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13383
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2233116
reference_id	2233116
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2233116

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_id

2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_id

6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_id

DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_url

https://phabricator.wikimedia.org/T335612

reference_id

T335612

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://phabricator.wikimedia.org/T335612

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-36674

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8r6-r39r-3ffm

url VCID-brg4-rv29-1fgz

vulnerability_id VCID-brg4-rv29-1fgz

summary In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-27291

reference_id

reference_type

scores

value	0.03141
scoring_system	epss
scoring_elements	0.86827
published_at	2026-04-01T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86882
published_at	2026-04-13T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86887
published_at	2026-04-12T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86891
published_at	2026-04-11T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86879
published_at	2026-04-09T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.8687
published_at	2026-04-08T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.8685
published_at	2026-04-07T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86856
published_at	2026-04-04T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86837
published_at	2026-04-02T12:55:00Z

value	0.034
scoring_system	epss
scoring_elements	0.87433
published_at	2026-04-16T12:55:00Z

value	0.034
scoring_system	epss
scoring_elements	0.87447
published_at	2026-04-24T12:55:00Z

value	0.034
scoring_system	epss
scoring_elements	0.8743
published_at	2026-04-21T12:55:00Z

value	0.034
scoring_system	epss
scoring_elements	0.87436
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce

reference_url

https://github.com/advisories/GHSA-pq64-v7f5-gqh8

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pq64-v7f5-gqh8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-27291

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-27291

reference_url

https://www.debian.org/security/2021/dsa-4878

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4878

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1940603
reference_id	1940603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1940603

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574
reference_id	985574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574

reference_url

reference_id

AVG-1662

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3252
reference_id	RHSA-2021:3252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3252

reference_url	https://access.redhat.com/errata/RHSA-2021:4139
reference_id	RHSA-2021:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4139

reference_url	https://access.redhat.com/errata/RHSA-2021:4150
reference_id	RHSA-2021:4150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4150

reference_url	https://access.redhat.com/errata/RHSA-2021:4151
reference_id	RHSA-2021:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4151

reference_url	https://usn.ubuntu.com/4897-1/
reference_id	USN-4897-1
reference_type
scores
url	https://usn.ubuntu.com/4897-1/

reference_url	https://usn.ubuntu.com/4897-2/
reference_id	USN-4897-2
reference_type
scores
url	https://usn.ubuntu.com/4897-2/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-27291, GHSA-pq64-v7f5-gqh8, PYSEC-2021-141

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brg4-rv29-1fgz

url VCID-c8zy-wsn9-63af

vulnerability_id VCID-c8zy-wsn9-63af

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41799

reference_id

reference_type

scores

value	0.00268
scoring_system	epss
scoring_elements	0.50227
published_at	2026-04-01T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50266
published_at	2026-04-02T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50296
published_at	2026-04-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50244
published_at	2026-04-07T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50297
published_at	2026-04-08T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.5029
published_at	2026-04-09T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50317
published_at	2026-04-11T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50291
published_at	2026-04-12T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.5028
published_at	2026-04-13T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50324
published_at	2026-04-16T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50325
published_at	2026-04-18T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50299
published_at	2026-04-21T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50274
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009511
reference_id	2009511
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009511

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41799

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zy-wsn9-63af

url VCID-ckkj-z5nq-akhb

vulnerability_id VCID-ckkj-z5nq-akhb

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44857

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.35294
published_at	2026-04-01T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35492
published_at	2026-04-02T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35517
published_at	2026-04-04T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.354
published_at	2026-04-07T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35446
published_at	2026-04-08T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35471
published_at	2026-04-09T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35481
published_at	2026-04-11T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35438
published_at	2026-04-12T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35414
published_at	2026-04-13T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35454
published_at	2026-04-16T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35442
published_at	2026-04-18T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.3539
published_at	2026-04-21T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35156
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2036702
reference_id	2036702
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2036702

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44857

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckkj-z5nq-akhb

url VCID-d6kz-e82q-6kh3

vulnerability_id VCID-d6kz-e82q-6kh3

summary mediawiki: potential XSS via the month messages such as MediaWiki:january through MediaWiki:december outputting Block Logs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35479

reference_id

reference_type

scores

value	0.0086
scoring_system	epss
scoring_elements	0.74971
published_at	2026-04-01T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.74974
published_at	2026-04-02T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75003
published_at	2026-04-04T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.7498
published_at	2026-04-07T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75014
published_at	2026-04-08T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75025
published_at	2026-04-12T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75046
published_at	2026-04-11T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75015
published_at	2026-04-13T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75051
published_at	2026-04-16T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75059
published_at	2026-04-18T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75048
published_at	2026-04-21T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75087
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909237
reference_id	1909237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909237

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35479

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6kz-e82q-6kh3

url VCID-ea7c-xk4h-13fs

vulnerability_id VCID-ea7c-xk4h-13fs

summary mediawiki: stored XSS leads to privilege escalation

references

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3550

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.4022
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.39954
published_at	2026-04-24T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40245
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40167
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40231
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40244
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40205
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40187
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40235
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40127
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2240807
reference_id	2240807
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2240807

reference_url

https://fluidattacks.com/advisories/blondie/

reference_id

blondie

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://fluidattacks.com/advisories/blondie/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_id

FU2FGUXXK6TMV6R52VRECLC6XCSQQISY

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_url

https://www.mediawiki.org/wiki/MediaWiki/

reference_id

MediaWiki

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://www.mediawiki.org/wiki/MediaWiki/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-3550

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ea7c-xk4h-13fs

url VCID-eefm-65rj-pyg2

vulnerability_id VCID-eefm-65rj-pyg2

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44858

reference_id

reference_type

scores

value	0.00416
scoring_system	epss
scoring_elements	0.61568
published_at	2026-04-01T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61642
published_at	2026-04-02T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61673
published_at	2026-04-04T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61643
published_at	2026-04-07T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61692
published_at	2026-04-08T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61707
published_at	2026-04-09T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61729
published_at	2026-04-11T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61717
published_at	2026-04-12T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61698
published_at	2026-04-13T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61739
published_at	2026-04-16T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61744
published_at	2026-04-18T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61727
published_at	2026-04-21T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61721
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2036698
reference_id	2036698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2036698

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44858

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eefm-65rj-pyg2

url VCID-fnzm-dxb3-v7hr

vulnerability_id VCID-fnzm-dxb3-v7hr

summary An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30153

reference_id

reference_type

scores

value	0.00196
scoring_system	epss
scoring_elements	0.41526
published_at	2026-04-01T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41615
published_at	2026-04-02T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41644
published_at	2026-04-04T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4157
published_at	2026-04-07T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4162
published_at	2026-04-08T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4163
published_at	2026-04-09T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41651
published_at	2026-04-11T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41619
published_at	2026-04-12T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41605
published_at	2026-04-13T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.46018
published_at	2026-04-16T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57012
published_at	2026-04-21T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.56945
published_at	2026-04-24T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57034
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153

reference_url

https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html

reference_id

094418.html

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/

url

https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://phabricator.wikimedia.org/T270453

reference_url

reference_id

T270453

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/

url

https://phabricator.wikimedia.org/T270453

reference_url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/

reference_id

XYBF5RSTJRMVCP7QBYK7643W75A3KCIY

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/

url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30153

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnzm-dxb3-v7hr

url VCID-fwb3-kxy8-73hz

vulnerability_id VCID-fwb3-kxy8-73hz

summary mediawiki: unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35477

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.64668
published_at	2026-04-01T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6472
published_at	2026-04-02T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64748
published_at	2026-04-04T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64706
published_at	2026-04-07T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64754
published_at	2026-04-08T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64769
published_at	2026-04-09T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64786
published_at	2026-04-11T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64774
published_at	2026-04-12T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64747
published_at	2026-04-13T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64785
published_at	2026-04-16T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64795
published_at	2026-04-18T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64782
published_at	2026-04-21T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64799
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909231
reference_id	1909231
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909231

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35477

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwb3-kxy8-73hz

url VCID-h8jw-brz8-hkfn

vulnerability_id VCID-h8jw-brz8-hkfn

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25812

reference_id

reference_type

scores

value	0.00371
scoring_system	epss
scoring_elements	0.58919
published_at	2026-04-24T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58937
published_at	2026-04-21T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58958
published_at	2026-04-18T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58954
published_at	2026-04-16T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.5892
published_at	2026-04-13T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58939
published_at	2026-04-12T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58957
published_at	2026-04-11T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58938
published_at	2026-04-09T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58933
published_at	2026-04-08T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58817
published_at	2026-04-01T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58881
published_at	2026-04-07T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58913
published_at	2026-04-04T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58892
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25812

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25812

reference_url

https://phabricator.wikimedia.org/T255918

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T255918

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903767
reference_id	1903767
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903767

reference_url

https://github.com/advisories/GHSA-rj9p-8jxj-2ch4

reference_id

GHSA-rj9p-8jxj-2ch4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rj9p-8jxj-2ch4

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25812, GHSA-rj9p-8jxj-2ch4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8jw-brz8-hkfn

url VCID-j1bz-4bex-4key

vulnerability_id VCID-j1bz-4bex-4key

summary mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35475

reference_id

reference_type

scores

value	0.00592
scoring_system	epss
scoring_elements	0.69172
published_at	2026-04-01T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69188
published_at	2026-04-02T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69209
published_at	2026-04-04T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6919
published_at	2026-04-07T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6924
published_at	2026-04-08T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69259
published_at	2026-04-09T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69281
published_at	2026-04-11T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69266
published_at	2026-04-12T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69238
published_at	2026-04-13T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69277
published_at	2026-04-16T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69285
published_at	2026-04-18T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69265
published_at	2026-04-21T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69316
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909224
reference_id	1909224
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909224

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35475

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1bz-4bex-4key

url VCID-jm7q-2w3j-buhh

vulnerability_id VCID-jm7q-2w3j-buhh

summary

MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

references

reference_url

reference_id

reference_type

scores

value	0.11025
scoring_system	epss
scoring_elements	0.93415
published_at	2026-04-07T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93467
published_at	2026-04-24T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93464
published_at	2026-04-21T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93424
published_at	2026-04-08T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93427
published_at	2026-04-09T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93432
published_at	2026-04-12T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93433
published_at	2026-04-13T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93452
published_at	2026-04-16T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93458
published_at	2026-04-18T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93407
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_url

https://phabricator.wikimedia.org/T333050

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://phabricator.wikimedia.org/T333050

reference_url

https://www.debian.org/security/2023/dsa-5520

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://www.debian.org/security/2023/dsa-5520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_id

CVE-2023-45363

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

reference_id

GHSA-w5fx-cx7f-6vr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh

url VCID-jwkd-wdus-6ygg

vulnerability_id VCID-jwkd-wdus-6ygg

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47927

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.1637
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16139
published_at	2026-04-24T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16432
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16229
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16315
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16379
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16362
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16323
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16255
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16191
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1621
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16248
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160625
reference_id	2160625
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160625

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/

reference_id

AP65YEN762IBNQPOYGUVLTQIDLM5XD2A

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html

reference_url

reference_id

msg00011.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html

reference_url

https://phabricator.wikimedia.org/T322637

reference_id

T322637

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://phabricator.wikimedia.org/T322637

reference_url

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

reference_id

UEMW64LVEH3BEXCJV43CVS6XPYURKWU3

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-47927

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwkd-wdus-6ygg

url VCID-k1f5-msra-4kam

vulnerability_id VCID-k1f5-msra-4kam

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30155

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.54855
published_at	2026-04-24T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54898
published_at	2026-04-16T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54901
published_at	2026-04-18T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.5488
published_at	2026-04-21T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63509
published_at	2026-04-13T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63525
published_at	2026-04-08T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63542
published_at	2026-04-09T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63558
published_at	2026-04-11T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63543
published_at	2026-04-12T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63422
published_at	2026-04-01T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63473
published_at	2026-04-07T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63482
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948641
reference_id	1948641
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948641

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30155

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1f5-msra-4kam

url VCID-m1j5-3ecf-dffj

vulnerability_id VCID-m1j5-3ecf-dffj

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28202

reference_id

reference_type

scores

value	0.00585
scoring_system	epss
scoring_elements	0.69122
published_at	2026-04-24T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69088
published_at	2026-04-11T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69073
published_at	2026-04-12T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69043
published_at	2026-04-13T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69083
published_at	2026-04-16T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69092
published_at	2026-04-18T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69072
published_at	2026-04-21T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72322
published_at	2026-04-02T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.7234
published_at	2026-04-04T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72317
published_at	2026-04-07T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72356
published_at	2026-04-08T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72368
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074123
reference_id	2074123
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074123

reference_url

https://security.archlinux.org/AVG-2677

reference_id

AVG-2677

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2677

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-28202

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1j5-3ecf-dffj

url VCID-nwsr-ruca-2kha

vulnerability_id VCID-nwsr-ruca-2kha

summary

Fix failure to strip Authorization header on HTTP downgrade
### Impact

`Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.

### Workarounds

An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

### References

* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31043

reference_id

reference_type

scores

value	0.01454
scoring_system	epss
scoring_elements	0.80753
published_at	2026-04-02T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80864
published_at	2026-04-24T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80841
published_at	2026-04-21T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80838
published_at	2026-04-16T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80801
published_at	2026-04-13T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80809
published_at	2026-04-12T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80824
published_at	2026-04-11T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80807
published_at	2026-04-09T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80799
published_at	2026-04-08T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80771
published_at	2026-04-07T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80774
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31043

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31043

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
reference_id	1012821
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-w248-ffj2-4v5q

reference_url

reference_id

GHSA-w248-ffj2-4v5q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w248-ffj2-4v5q

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31043, GHSA-w248-ffj2-4v5q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwsr-ruca-2kha

url VCID-pm5t-23j4-6yh6

vulnerability_id VCID-pm5t-23j4-6yh6

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25828

reference_id

reference_type

scores

value	0.00387
scoring_system	epss
scoring_elements	0.5982
published_at	2026-04-24T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5985
published_at	2026-04-21T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59866
published_at	2026-04-18T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59859
published_at	2026-04-16T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59839
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59856
published_at	2026-04-11T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59703
published_at	2026-04-01T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59835
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59822
published_at	2026-04-13T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5977
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59777
published_at	2026-04-02T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59801
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25828

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25828

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25828

reference_url

https://phabricator.wikimedia.org/T115888

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T115888

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903776
reference_id	1903776
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903776

reference_url

https://github.com/advisories/GHSA-h8qx-mj6v-2934

reference_id

GHSA-h8qx-mj6v-2934

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h8qx-mj6v-2934

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25828, GHSA-h8qx-mj6v-2934

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6

url VCID-pw9d-1cwb-tyb9

vulnerability_id VCID-pw9d-1cwb-tyb9

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28201

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20543
published_at	2026-04-24T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20849
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20907
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20621
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20697
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20759
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20777
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20733
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20682
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20668
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20665
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20656
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-28201

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pw9d-1cwb-tyb9

url VCID-qjhk-97j6-2qfm

vulnerability_id VCID-qjhk-97j6-2qfm

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44854

reference_id

reference_type

scores

value	0.00187
scoring_system	epss
scoring_elements	0.40491
published_at	2026-04-01T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40571
published_at	2026-04-08T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40382
published_at	2026-04-24T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40562
published_at	2026-04-12T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40543
published_at	2026-04-13T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40591
published_at	2026-04-16T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.4056
published_at	2026-04-18T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40484
published_at	2026-04-21T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40598
published_at	2026-04-04T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.4052
published_at	2026-04-07T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40581
published_at	2026-04-09T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40599
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156316
reference_id	2156316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156316

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/

url

https://phabricator.wikimedia.org/T292763

reference_url

reference_id

T292763

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/

url

https://phabricator.wikimedia.org/T292763

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44854

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhk-97j6-2qfm

url VCID-qqvd-cjs3-7kab

vulnerability_id VCID-qqvd-cjs3-7kab

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34912

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.46482
published_at	2026-04-02T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46502
published_at	2026-04-12T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46452
published_at	2026-04-07T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46507
published_at	2026-04-09T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.4653
published_at	2026-04-11T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46511
published_at	2026-04-13T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46568
published_at	2026-04-16T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46565
published_at	2026-04-18T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46512
published_at	2026-04-21T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46494
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112772
reference_id	2112772
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112772

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41767

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-34912

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqvd-cjs3-7kab

url VCID-qwcp-5hh8-z3gp

vulnerability_id VCID-qwcp-5hh8-z3gp

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json

reference_url

reference_id

reference_type

scores

value	0.00245
scoring_system	epss
scoring_elements	0.47767
published_at	2026-04-24T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47754
published_at	2026-04-02T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47798
published_at	2026-04-11T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47784
published_at	2026-04-13T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47839
published_at	2026-04-16T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47832
published_at	2026-04-18T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47785
published_at	2026-04-21T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47774
published_at	2026-04-12T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47723
published_at	2026-04-07T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47777
published_at	2026-04-08T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47773
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41767

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156331
reference_id	2156331
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156331

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/

url

https://phabricator.wikimedia.org/T316304

reference_url

reference_id

T316304

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/

url

https://phabricator.wikimedia.org/T316304

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-41767

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcp-5hh8-z3gp

url VCID-ruur-4cvx-cqct

vulnerability_id VCID-ruur-4cvx-cqct

summary mediawiki: cross site scripting

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36675

reference_id

reference_type

scores

value	0.00526
scoring_system	epss
scoring_elements	0.66994
published_at	2026-04-02T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66993
published_at	2026-04-07T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67055
published_at	2026-04-09T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67074
published_at	2026-04-11T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.6706
published_at	2026-04-12T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67029
published_at	2026-04-13T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67062
published_at	2026-04-16T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67076
published_at	2026-04-18T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67057
published_at	2026-04-21T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67019
published_at	2026-04-04T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67042
published_at	2026-04-08T12:55:00Z

value	0.00531
scoring_system	epss
scoring_elements	0.67322
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36675

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40

reference_id

1.40#Other_changes_in_1.40

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2217428
reference_id	2217428
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2217428

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_id

2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_id

6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_id

DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_url

https://phabricator.wikimedia.org/T332889

reference_id

T332889

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://phabricator.wikimedia.org/T332889

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-36675

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ruur-4cvx-cqct

url VCID-rwtk-hep1-xfaw

vulnerability_id VCID-rwtk-hep1-xfaw

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30152

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59081
published_at	2026-04-24T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59116
published_at	2026-04-16T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59121
published_at	2026-04-18T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59101
published_at	2026-04-21T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67001
published_at	2026-04-04T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67024
published_at	2026-04-08T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67036
published_at	2026-04-09T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67056
published_at	2026-04-11T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67041
published_at	2026-04-12T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.6701
published_at	2026-04-13T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66938
published_at	2026-04-01T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66975
published_at	2026-04-07T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66976
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948636
reference_id	1948636
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948636

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30152

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwtk-hep1-xfaw

url VCID-rz65-w7x5-57hu

vulnerability_id VCID-rz65-w7x5-57hu

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34911

reference_id

reference_type

scores

value	0.00435
scoring_system	epss
scoring_elements	0.62828
published_at	2026-04-02T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62858
published_at	2026-04-04T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62822
published_at	2026-04-07T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62873
published_at	2026-04-08T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62889
published_at	2026-04-09T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62907
published_at	2026-04-11T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62897
published_at	2026-04-12T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62875
published_at	2026-04-13T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62915
published_at	2026-04-16T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62923
published_at	2026-04-24T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62902
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112770
reference_id	2112770
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112770

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-34911

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rz65-w7x5-57hu

url VCID-sc5s-s7vg-dygq

vulnerability_id VCID-sc5s-s7vg-dygq

summary mediawiki: denial of service

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34506

reference_id

reference_type

scores

value	0.00171
scoring_system	epss
scoring_elements	0.38124
published_at	2026-04-24T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38321
published_at	2026-04-13T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38369
published_at	2026-04-16T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38348
published_at	2026-04-18T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38284
published_at	2026-04-21T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.3842
published_at	2026-04-02T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38444
published_at	2026-04-04T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38308
published_at	2026-04-07T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38358
published_at	2026-04-08T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38367
published_at	2026-04-09T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38383
published_at	2026-04-11T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38346
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2279231
reference_id	2279231
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2279231

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_id

FU2FGUXXK6TMV6R52VRECLC6XCSQQISY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_url

https://phabricator.wikimedia.org/T357760

reference_id

T357760

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/

url

https://phabricator.wikimedia.org/T357760

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2024-34506

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sc5s-s7vg-dygq

url VCID-sca5-n7rz-rffq

vulnerability_id VCID-sca5-n7rz-rffq

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44856

reference_id

reference_type

scores

value	0.00176
scoring_system	epss
scoring_elements	0.38942
published_at	2026-04-01T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39127
published_at	2026-04-02T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38824
published_at	2026-04-24T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39116
published_at	2026-04-12T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39096
published_at	2026-04-13T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39151
published_at	2026-04-16T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39121
published_at	2026-04-18T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39032
published_at	2026-04-21T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.3915
published_at	2026-04-04T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39069
published_at	2026-04-07T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39124
published_at	2026-04-08T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39141
published_at	2026-04-09T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39153
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156326
reference_id	2156326
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156326

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/

url

https://phabricator.wikimedia.org/T271037

reference_url

reference_id

T271037

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/

url

https://phabricator.wikimedia.org/T271037

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44856

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sca5-n7rz-rffq

url VCID-ujdn-y48t-pbch

vulnerability_id VCID-ujdn-y48t-pbch

summary

MediaWiki Special:UserRights exposes the existence of hidden users
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25813

reference_id

reference_type

scores

value	0.00366
scoring_system	epss
scoring_elements	0.58584
published_at	2026-04-24T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58639
published_at	2026-04-18T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.5862
published_at	2026-04-12T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58565
published_at	2026-04-07T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58595
published_at	2026-04-04T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58574
published_at	2026-04-02T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58489
published_at	2026-04-01T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58634
published_at	2026-04-16T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.586
published_at	2026-04-13T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.5864
published_at	2026-04-11T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58623
published_at	2026-04-09T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58616
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

https://meta.wikimedia.org/wiki/Special:UserRights

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://meta.wikimedia.org/wiki/Special:UserRights

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25813

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25813

reference_url

https://phabricator.wikimedia.org/T232568

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T232568

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903764
reference_id	1903764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903764

reference_url

https://github.com/advisories/GHSA-c4rj-wrmq-52rj

reference_id

GHSA-c4rj-wrmq-52rj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c4rj-wrmq-52rj

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25813, GHSA-c4rj-wrmq-52rj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch

url VCID-wzqf-k99e-vbeu

vulnerability_id VCID-wzqf-k99e-vbeu

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31091

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.5672
published_at	2026-04-02T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.5668
published_at	2026-04-24T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56742
published_at	2026-04-21T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56768
published_at	2026-04-18T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.5674
published_at	2026-04-13T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56761
published_at	2026-04-12T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56784
published_at	2026-04-11T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56775
published_at	2026-04-09T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56771
published_at	2026-04-16T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56719
published_at	2026-04-07T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56741
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31091

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31091

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
reference_id	1014492
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-q559-8m2m-g699

reference_url

reference_id

GHSA-q559-8m2m-g699

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q559-8m2m-g699

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28203

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31091, GHSA-q559-8m2m-g699, GMS-2022-2529

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzqf-k99e-vbeu

url VCID-yakw-r8bh-5bde

vulnerability_id VCID-yakw-r8bh-5bde

summary security update

references

reference_url

reference_id

reference_type

scores

value	0.00418
scoring_system	epss
scoring_elements	0.61829
published_at	2026-04-24T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61751
published_at	2026-04-07T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61781
published_at	2026-04-04T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.618
published_at	2026-04-08T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61815
published_at	2026-04-09T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61835
published_at	2026-04-21T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61823
published_at	2026-04-12T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61803
published_at	2026-04-13T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61847
published_at	2026-04-16T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61852
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-28203

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yakw-r8bh-5bde

url VCID-z9d9-aer5-gfa9

vulnerability_id VCID-z9d9-aer5-gfa9

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.39035
published_at	2026-04-24T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39164
published_at	2026-04-01T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.3935
published_at	2026-04-02T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39374
published_at	2026-04-04T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39287
published_at	2026-04-07T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39342
published_at	2026-04-08T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39359
published_at	2026-04-09T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39371
published_at	2026-04-11T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39331
published_at	2026-04-12T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39313
published_at	2026-04-13T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39365
published_at	2026-04-16T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39337
published_at	2026-04-18T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.3925
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

reference_url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41800

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41800

reference_url

https://phabricator.wikimedia.org/T284419

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T284419

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id	2009517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-c8wv-qwwc-6j73

reference_url

reference_id

GHSA-c8wv-qwwc-6j73

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c8wv-qwwc-6j73

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url