Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/1026190?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "type": "deb", "namespace": "debian", "name": "mediawiki", "version": "1:1.35.13-1+deb11u2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:1.39.17-1+deb12u2", "latest_non_vulnerable_version": "1:1.43.8+dfsg-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96640?format=api", "vulnerability_id": "VCID-2wcb-hty6-uyez", "summary": "Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63766", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67788", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67805", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67791", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67757", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67793", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67735", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67715", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67767", "published_at": 
"2026-04-08T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67781", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072" }, { "reference_url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134", "reference_id": "1120134", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/" } ], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134" }, { "reference_url": "https://phabricator.wikimedia.org/T386175", "reference_id": "T386175", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/" } ], "url": "https://phabricator.wikimedia.org/T386175" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ 
"CVE-2025-32072" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wcb-hty6-uyez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96907?format=api", "vulnerability_id": "VCID-3zue-5ccg-23hs", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20645", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20647", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33338", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33279", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.3337", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.365", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36524", "published_at": 
"2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480" }, { "reference_url": "https://phabricator.wikimedia.org/T401053", "reference_id": "T401053", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:01:49Z/" } ], "url": "https://phabricator.wikimedia.org/T401053" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67480" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zue-5ccg-23hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96834?format=api", "vulnerability_id": "VCID-4yhr-jjt9-afaq", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. 
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61641", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00385", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00372", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00374", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00521", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00526", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00523", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00524", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641" }, { "reference_url": "https://phabricator.wikimedia.org/T298690", "reference_id": "T298690", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:22Z/" } ], "url": "https://phabricator.wikimedia.org/T298690" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61641" ], "risk_score": 0.5, "exploitability": "0.5", "weighted_severity": "1.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yhr-jjt9-afaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77881?format=api", "vulnerability_id": "VCID-5myd-ngfx-5qhb", "summary": "mediawiki: group-.*-member messages are not properly escaped on Special:log/rights", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60579", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": 
"0.60548", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60597", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60637", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60601", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60636", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255582", "reference_id": "2255582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255582" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": 
"VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2023-51704" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5myd-ngfx-5qhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96646?format=api", "vulnerability_id": "VCID-74ej-8sna-jyek", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68798", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68809", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68819", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68739", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68717", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68768", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68788", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.6881", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00576", "scoring_system": 
"epss", "scoring_elements": "0.68796", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68767", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698" }, { "reference_url": "https://phabricator.wikimedia.org/T385958", "reference_id": "T385958", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:46Z/" } ], "url": "https://phabricator.wikimedia.org/T385958" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-32698" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74ej-8sna-jyek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96645?format=api", "vulnerability_id": "VCID-7831-8u7z-6fep", "summary": "Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. 
This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54193", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54159", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54209", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54191", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5417", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54208", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54212", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54135", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54161", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697" }, { 
"reference_url": "https://phabricator.wikimedia.org/T140010", "reference_id": "T140010", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/" } ], "url": "https://phabricator.wikimedia.org/T140010" }, { "reference_url": "https://phabricator.wikimedia.org/T24521", "reference_id": "T24521", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/" } ], "url": "https://phabricator.wikimedia.org/T24521" }, { "reference_url": "https://phabricator.wikimedia.org/T62109", "reference_id": "T62109", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/" } ], "url": "https://phabricator.wikimedia.org/T62109" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068111?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026192?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": 
"VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1" } ], "aliases": [ "CVE-2025-32697" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7831-8u7z-6fep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96839?format=api", "vulnerability_id": "VCID-7wh4-say2-pqap", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06029", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06021", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14413", 
"published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14276", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14403", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656" }, { "reference_url": "https://phabricator.wikimedia.org/T397232", "reference_id": "T397232", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:27Z/" } ], "url": "https://phabricator.wikimedia.org/T397232" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61656" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wh4-say2-pqap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64772?format=api", "vulnerability_id": "VCID-8uw8-ja3w-r3da", "summary": "MediaWiki: MediaWiki: Cross-site Scripting (XSS) vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11261", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00261", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00259", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0037", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0035", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11261" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436168", "reference_id": "2436168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436168" }, { "reference_url": "https://phabricator.wikimedia.org/T402077", "reference_id": "T402077", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:05Z/" } ], "url": "https://phabricator.wikimedia.org/T402077" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-11261" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uw8-ja3w-r3da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96891?format=api", "vulnerability_id": "VCID-95d1-mkm6-r3cq", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. 
This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02371", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02275", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02062", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02066", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02299", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02268", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591" }, { "reference_url": "https://phabricator.wikimedia.org/T392276", "reference_id": "T392276", "reference_type": "", "scores": [ { "value": "0", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T15:32:29Z/" } ], "url": "https://phabricator.wikimedia.org/T392276" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6591" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95d1-mkm6-r3cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64779?format=api", "vulnerability_id": "VCID-a8nh-mvhd-bka7", "summary": "MediaWiki: MediaWiki: Vulnerability in authentication management", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05644", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", 
"scoring_elements": "0.05676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05932", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06083", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05965", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05921", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436116", "reference_id": "2436116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436116" }, { "reference_url": "https://phabricator.wikimedia.org/T389009", "reference_id": "T389009", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:12:25Z/" } ], "url": "https://phabricator.wikimedia.org/T389009" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6597" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8nh-mvhd-bka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96893?format=api", "vulnerability_id": "VCID-b5ke-cjtq-q3ev", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer. This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6595", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00422", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00316", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00307", "published_at": 
"2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00423", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6595" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595" }, { "reference_url": "https://phabricator.wikimedia.org/T394863", "reference_id": "T394863", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:53:03Z/" } ], "url": "https://phabricator.wikimedia.org/T394863" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6595" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5ke-cjtq-q3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349652?format=api", "vulnerability_id": "VCID-cbtm-g4t5-u3am", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34093" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068111?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068115?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026193?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059947?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2" } ], "aliases": [ "CVE-2026-34093" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbtm-g4t5-u3am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349650?format=api", "vulnerability_id": "VCID-d5vz-puw9-t7er", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34088" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068111?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068115?format=api", "purl": 
"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026193?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059947?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2" } ], "aliases": [ "CVE-2026-34088" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5vz-puw9-t7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96837?format=api", "vulnerability_id": "VCID-den1-257q-euc9", "summary": "Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. 
This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25053", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24936", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24981", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25581", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25538", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25566", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25579", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653" }, { "reference_url": "https://phabricator.wikimedia.org/T397577", "reference_id": "T397577", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T20:59:18Z/" } ], "url": "https://phabricator.wikimedia.org/T397577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61653" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-den1-257q-euc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96449?format=api", "vulnerability_id": "VCID-e8np-4nbw-t3b3", "summary": "Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. 
This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03936", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03986", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173" }, { "reference_url": "https://phabricator.wikimedia.org/T401862", "reference_id": "T401862", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/" } ], "url": "https://phabricator.wikimedia.org/T401862" }, { "reference_url": "https://phabricator.wikimedia.org/T402094", "reference_id": "T402094", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/" } ], "url": "https://phabricator.wikimedia.org/T402094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-11173" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8np-4nbw-t3b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96833?format=api", "vulnerability_id": "VCID-fptt-2t1j-8fec", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. 
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61639", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00496", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00491", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00678", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00716", "published_at": "2026-04-21T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00677", "published_at": "2026-04-18T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00671", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61639" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639" }, { "reference_url": "https://phabricator.wikimedia.org/T280413", "reference_id": "T280413", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:07Z/" } ], "url": "https://phabricator.wikimedia.org/T280413" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61639" ], "risk_score": 0.5, "exploitability": "0.5", "weighted_severity": "1.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fptt-2t1j-8fec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96917?format=api", "vulnerability_id": "VCID-h3d2-nr9e-nqbk", "summary": "Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows Authentication Bypass. This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24479", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24382", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24326", "published_at": "2026-04-13T12:55:00Z" }, { 
"value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24332", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24513", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24296", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24363", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25501", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926" }, { "reference_url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117", "reference_id": "1165117", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/" } ], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117" }, { "reference_url": "https://phabricator.wikimedia.org/T389010", "reference_id": "T389010", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/" } ], "url": 
"https://phabricator.wikimedia.org/T389010" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6926" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3d2-nr9e-nqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96890?format=api", "vulnerability_id": "VCID-h789-pcxv-kbgd", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. 
This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01796", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01706", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01527", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01531", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01538", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01541", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01727", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01716", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01705", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590" }, { "reference_url": "https://phabricator.wikimedia.org/T392746", "reference_id": "T392746", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:11:34Z/" } ], "url": "https://phabricator.wikimedia.org/T392746" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6590" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h789-pcxv-kbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64778?format=api", "vulnerability_id": "VCID-k7qb-7hbj-1qc2", "summary": "MediaWiki: MediaWiki: Cross-site Scripting vulnerability via improper input neutralization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6594", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", 
"scoring_elements": "0.0045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00422", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00316", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6594" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436122", "reference_id": "2436122", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436122" }, { "reference_url": "https://phabricator.wikimedia.org/T395063", "reference_id": "T395063", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:57:15Z/" } ], "url": "https://phabricator.wikimedia.org/T395063" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6594" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qb-7hbj-1qc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349653?format=api", "vulnerability_id": "VCID-kw32-af5a-hqg8", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34095" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068111?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068115?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026193?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059947?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2" } ], "aliases": [ "CVE-2026-34095" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kw32-af5a-hqg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96831?format=api", "vulnerability_id": "VCID-m1xy-yucr-dqfs", "summary": "Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. 
This issue affects ConfirmEdit: *.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03936", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635" }, { "reference_url": "https://phabricator.wikimedia.org/T355073", "reference_id": "T355073", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M/U:Amber" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:13:27Z/" } ], "url": "https://phabricator.wikimedia.org/T355073" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61635" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1xy-yucr-dqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96908?format=api", "vulnerability_id": "VCID-m7uw-sa5j-u3bw", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. 
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01999", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01915", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0573", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05765", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481" }, { "reference_url": "https://phabricator.wikimedia.org/T251032", "reference_id": "T251032", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:13Z/" } ], "url": "https://phabricator.wikimedia.org/T251032" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67481" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7uw-sa5j-u3bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96836?format=api", "vulnerability_id": "VCID-mbs4-gs37-1fh5", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. 
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61646", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00396", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00385", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00382", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00548", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00587", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0055", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00545", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61646" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646" }, { "reference_url": "https://phabricator.wikimedia.org/T398706", "reference_id": "T398706", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:04:40Z/" } ], "url": 
"https://phabricator.wikimedia.org/T398706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61646" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbs4-gs37-1fh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64776?format=api", "vulnerability_id": "VCID-pm3s-z5ap-qqay", "summary": "MediaWiki: MediaWiki: Arbitrary code execution via Cross-site Scripting (XSS)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61640", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", 
"scoring_elements": "0.00261", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0037", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00353", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0035", "published_at": "2026-04-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00348", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436106", "reference_id": "2436106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436106" }, { "reference_url": "https://phabricator.wikimedia.org/T402075", "reference_id": "T402075", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:45Z/" } ], "url": "https://phabricator.wikimedia.org/T402075" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": 
"VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61640" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm3s-z5ap-qqay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96647?format=api", "vulnerability_id": "VCID-pwjk-pzpj-aff6", "summary": "Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.6033", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60333", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60341", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60241", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.6029", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60305", "published_at": "2026-04-09T12:55:00Z" }, { "value": 
"0.00394", "scoring_system": "epss", "scoring_elements": "0.60326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60293", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699" }, { "reference_url": "https://phabricator.wikimedia.org/T387130", "reference_id": "T387130", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M/U:Amber" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:20Z/" } ], "url": "https://phabricator.wikimedia.org/T387130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-32699" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwjk-pzpj-aff6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96909?format=api", 
"vulnerability_id": "VCID-qpgu-mg6m-vyef", "summary": "Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05303", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05359", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05507", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05554", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05547", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67482" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482" }, { "reference_url": "https://phabricator.wikimedia.org/T408135", "reference_id": "T408135", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:14Z/" } ], "url": "https://phabricator.wikimedia.org/T408135" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67482" ], "risk_score": 0.5, "exploitability": "0.5", "weighted_severity": "1.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpgu-mg6m-vyef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96832?format=api", "vulnerability_id": "VCID-sr9a-a6vt-1qgt", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. 
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61638", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00312", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00323", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00311", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00321", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00463", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00433", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00431", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638" }, { "reference_url": "https://phabricator.wikimedia.org/T401099", "reference_id": "T401099", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { 
"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:22Z/" } ], "url": "https://phabricator.wikimedia.org/T401099" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61638" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sr9a-a6vt-1qgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96906?format=api", "vulnerability_id": "VCID-tutk-y8jg-n7dh", "summary": "Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. 
This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05376", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0554", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05372", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05583", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05811", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05818", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478" }, { "reference_url": "https://phabricator.wikimedia.org/T385403", "reference_id": "T385403", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:08Z/" } ], "url": "https://phabricator.wikimedia.org/T385403" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67478" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tutk-y8jg-n7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64768?format=api", "vulnerability_id": "VCID-v3dp-7stt-tygf", "summary": "MediaWiki: MediaWiki: Cross-site Scripting vulnerability due to improper input neutralization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01642", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": 
"epss", "scoring_elements": "0.02532", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02432", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06192", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06223", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06247", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436176", "reference_id": "2436176", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436176" }, { "reference_url": "https://phabricator.wikimedia.org/T406664", "reference_id": "T406664", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:07Z/" } ], "url": "https://phabricator.wikimedia.org/T406664" } ], "fixed_packages": [ 
{ "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67475" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3dp-7stt-tygf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96838?format=api", "vulnerability_id": "VCID-vjd5-jv5h-yfhw", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. 
This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04535", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05502", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05492", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05664", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13121", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13067", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655" }, { "reference_url": "https://phabricator.wikimedia.org/T395858", "reference_id": "T395858", "reference_type": "", "scores": [ { "value": "0", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:47Z/" } ], "url": "https://phabricator.wikimedia.org/T395858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61655" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjd5-jv5h-yfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96644?format=api", "vulnerability_id": "VCID-w51y-hprj-buap", "summary": "Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. 
This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55749", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55771", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55704", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55755", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55767", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55748", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696" }, { "reference_url": "https://phabricator.wikimedia.org/T304474", "reference_id": "T304474", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:02Z/" } ], "url": "https://phabricator.wikimedia.org/T304474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-32696" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w51y-hprj-buap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349648?format=api", "vulnerability_id": "VCID-wktm-ya6k-v7dv", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34086" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068111?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026192?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": 
"VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068115?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026193?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059947?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2" } ], "aliases": [ "CVE-2026-34086" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wktm-ya6k-v7dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64771?format=api", "vulnerability_id": "VCID-wraf-59ce-u3br", "summary": "MediaWiki: MediaWiki: Vulnerability in parsing and sanitization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05303", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05359", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05507", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05554", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05547", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436184", "reference_id": "2436184", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2436184" }, { "reference_url": "https://phabricator.wikimedia.org/T407131", "reference_id": "T407131", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:19Z/" } ], "url": "https://phabricator.wikimedia.org/T407131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67479" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wraf-59ce-u3br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349649?format=api", "vulnerability_id": "VCID-x8t7-agtn-zudu", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34087" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, 
{ "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068111?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068115?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026193?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059947?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2" } ], "aliases": [ "CVE-2026-34087" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8t7-agtn-zudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96892?format=api", "vulnerability_id": "VCID-xtd9-wbd9-67ew", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. 
This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03936", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593" }, { "reference_url": "https://phabricator.wikimedia.org/T396230", "reference_id": 
"T396230", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T14:42:43Z/" } ], "url": "https://phabricator.wikimedia.org/T396230" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6593" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtd9-wbd9-67ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96662?format=api", "vulnerability_id": "VCID-z3qw-4ejj-uffj", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. 
This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.6693", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66932", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66947", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.6689", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66863", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66911", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66925", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66945", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66931", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66899", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469" }, { "reference_url": "https://phabricator.wikimedia.org/T358689", "reference_id": "T358689", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:28Z/" } ], "url": "https://phabricator.wikimedia.org/T358689" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-3469" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3qw-4ejj-uffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64767?format=api", "vulnerability_id": "VCID-z8qp-v64u-tuh8", "summary": "MediaWiki: MediaWiki: Vulnerability in ApiFormatXml.Php requiring high privileges", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09518", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": 
"epss", "scoring_elements": "0.09366", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09368", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09879", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09933", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09954", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12043", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67484" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436190", "reference_id": "2436190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436190" }, { "reference_url": "https://phabricator.wikimedia.org/T401995", "reference_id": "T401995", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:02:03Z/" } ], "url": "https://phabricator.wikimedia.org/T401995" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67484" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8qp-v64u-tuh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349651?format=api", "vulnerability_id": "VCID-zmax-894d-5kfd", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34092" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/1068111?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068115?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026193?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059947?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2" } ], "aliases": [ "CVE-2026-34092" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zmax-894d-5kfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96835?format=api", "vulnerability_id": "VCID-ztxx-cc2c-87at", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. 
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61643", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00619", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00614", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00612", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00606", "published_at": "2026-04-09T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00777", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00776", "published_at": "2026-04-18T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00772", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61643" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643" }, { "reference_url": "https://phabricator.wikimedia.org/T403757", "reference_id": "T403757", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/RE:M/U:Green" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:15:36Z/" } ], "url": "https://phabricator.wikimedia.org/T403757" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61643" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxx-cc2c-87at" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6299?format=api", "vulnerability_id": "VCID-1na8-nyq1-yfcy", "summary": "An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42583", "published_at": 
"2026-04-01T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42655", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42672", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42685", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42654", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44911", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44968", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-9w8r-397f-prfh", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w8r-397f-prfh" }, { "reference_url": "https://github.com/pygments/pygments", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments" }, { "reference_url": "https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20270" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4889" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664", "reference_id": "984664", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664" }, { "reference_url": "https://security.archlinux.org/AVG-1662", "reference_id": "AVG-1662", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1662" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0781", "reference_id": "RHSA-2021:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3252", "reference_id": "RHSA-2021:3252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4139", "reference_id": 
"RHSA-2021:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4150", "reference_id": "RHSA-2021:4150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4151", "reference_id": "RHSA-2021:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4151" }, { "reference_url": "https://usn.ubuntu.com/4885-1/", "reference_id": "USN-4885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4885-1/" }, { "reference_url": "https://usn.ubuntu.com/4897-2/", "reference_id": "USN-4897-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": 
"VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": 
"VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" 
}, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-20270", "GHSA-9w8r-397f-prfh", "PYSEC-2021-140" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1na8-nyq1-yfcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78031?format=api", "vulnerability_id": "VCID-2xja-2whv-fqe4", "summary": "mediawiki: diff-multi-sameuser (\"X intermediate revisions by the same user not shown\") ignores username suppression", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60186", 
"published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60211", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60244", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60273", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60281", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60267", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247805", "reference_id": "2247805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247805" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": 
"VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-45362" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xja-2whv-fqe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51028?format=api", "vulnerability_id": "VCID-32f4-khen-3yez", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75081", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75089", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75123", "published_at": 
"2026-04-08T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75157", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75287", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75296", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948638", "reference_id": "1948638", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948638" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": 
"VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": 
"VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" 
}, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30159" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32f4-khen-3yez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58484?format=api", "vulnerability_id": "VCID-424y-cjxg-c7az", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. 
The relevant code should use escaped() instead of text().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59703", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25815" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815" }, { "reference_url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25815" }, { "reference_url": "https://phabricator.wikimedia.org/T256171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T256171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903759", "reference_id": "1903759", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1903759" }, { "reference_url": "https://github.com/advisories/GHSA-2f58-vf6g-6p8x", "reference_id": "GHSA-2f58-vf6g-6p8x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2f58-vf6g-6p8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": 
"VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25815", "GHSA-2f58-vf6g-6p8x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-424y-cjxg-c7az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51030?format=api", "vulnerability_id": "VCID-4dfp-3qk9-j7fg", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72618", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72626", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.7266", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.0073", "scoring_system": "epss", "scoring_elements": "0.72673", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72669", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72711", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72723", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72714", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1980308", "reference_id": "1980308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980308" }, { "reference_url": "https://security.archlinux.org/ASA-202107-7", "reference_id": "ASA-202107-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-7" }, { "reference_url": "https://security.archlinux.org/AVG-2093", "reference_id": "AVG-2093", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2093" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, 
{ "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": 
"VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" 
}, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-35197" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dfp-3qk9-j7fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55256?format=api", "vulnerability_id": "VCID-674z-nf4t-b7ez", "summary": "Cross-domain cookie leakage in Guzzle\n### Impact\n\nPrevious version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the `Set-Cookie` header, allowing a malicious server to set cookies for unrelated domains. 
For example, an attacker at `www.example.com` might set a session cookie for `api.example.net`, logging the Guzzle client into their account and retrieving private API requests from the security log of their account.\n\nNote that our cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with `['cookies' => true]` are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability.\n\n### Patches\n\nAffected Guzzle 7 users should upgrade to Guzzle 7.4.3 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.6 or 7.4.3.\n\n### Workarounds\n\nIf you do not need support for cookies, turn off the cookie middleware. It is already off by default, but if you have turned it on and no longer need it, turn it off.\n\n### References\n\n* [RFC6265 Section 5.3](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3)\n* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)\n\n### For more information\n\nIf you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). 
Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70414", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.7041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70495", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.7048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70465", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70507", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab" }, { "reference_url": "https://github.com/guzzle/guzzle/pull/3018", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://github.com/guzzle/guzzle/pull/3018" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29248" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://www.drupal.org/sa-core-2022-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://www.drupal.org/sa-core-2022-010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636", "reference_id": "1011636", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-cwmx-hcrq-mhc3", "reference_id": 
"GHSA-cwmx-hcrq-mhc3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwmx-hcrq-mhc3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { 
"vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-29248", "GHSA-cwmx-hcrq-mhc3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-674z-nf4t-b7ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51029?format=api", "vulnerability_id": "VCID-6ads-gs3n-dubh", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.4398", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43932", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44002", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43931", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43954", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43969", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43984", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43982", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58842", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0037", "scoring_system": 
"epss", "scoring_elements": "0.58864", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58859", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki-services-parsoid", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki-services-parsoid" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30458", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30458" }, { "reference_url": "https://phabricator.wikimedia.org/T279451", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T279451" }, { "reference_url": "https://www.mediawiki.org/wiki/Parsoid", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Parsoid" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://github.com/advisories/GHSA-5pqx-77vf-85rw", "reference_id": "GHSA-5pqx-77vf-85rw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pqx-77vf-85rw" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { 
"vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30458", "GHSA-5pqx-77vf-85rw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ads-gs3n-dubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80688?format=api", "vulnerability_id": "VCID-73p6-esc6-tydd", "summary": "mediawiki: potential XSS via MediaWiki:blanknamespace outputting Block Logs", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63353", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63441", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63406", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63457", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63475", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63477", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63442", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63483", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63469", "published_at": "2026-04-21T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2020-35478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909234", "reference_id": "1909234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909234" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": 
"VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35478" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73p6-esc6-tydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80690?format=api", "vulnerability_id": "VCID-7ar6-14bb-yfc5", "summary": "mediawiki: divergent behavior for contributions and user pages of hidden users and missing users", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56945", 
"published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5704", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57039", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5709", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57083", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57059", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57086", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5706", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909240", "reference_id": "1909240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909240" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { 
"vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": 
"VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" 
}, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35480" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ar6-14bb-yfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17014?format=api", "vulnerability_id": "VCID-7eba-7gsc-hbfg", "summary": "X-Forwarded-For header allows brute-forcing autoblocked IP addresses\nAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. 
An auto-block can occur for an untrusted X-Forwarded-For header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48509", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48401", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52594", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7" }, { "reference_url": "https://phabricator.wikimedia.org/T285159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://phabricator.wikimedia.org/T285159" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5447", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5447" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627", "reference_id": "2183627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141", "reference_id": "CVE-2023-29141", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141" }, { "reference_url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6", "reference_id": "GHSA-5vj8-g3qg-4qh6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/", "reference_id": "ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/", "reference_id": "ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-29141", "GHSA-5vj8-g3qg-4qh6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90959?format=api", "vulnerability_id": "VCID-7j54-uz1w-y3dn", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5935", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59281", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59332", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59345", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59364", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59362", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59369", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": 
"VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": 
"VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" 
}, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41801" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7j54-uz1w-y3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51024?format=api", "vulnerability_id": "VCID-7m3q-wuh7-k7fn", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74316", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74306", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78172", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78154", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78181", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78187", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78212", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78195", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78133", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946690", "reference_id": "1946690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946690" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": 
"https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { 
"vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": 
"VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" 
}, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30154" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m3q-wuh7-k7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80686?format=api", "vulnerability_id": "VCID-812q-n5hg-u7dx", "summary": "mediawiki: message recentchanges-legend-watchlistexpiry can contain raw html", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64378", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64432", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64462", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64422", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", 
"scoring_elements": "0.64486", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64501", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64495", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64507", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64499", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909227", "reference_id": "1909227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909227" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { 
"vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35474" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-812q-n5hg-u7dx" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/51026?format=api", "vulnerability_id": "VCID-8sqw-6aae-13f5", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72796", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72793", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72804", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.76995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.7705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01006", 
"scoring_system": "epss", "scoring_elements": "0.76989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77024", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, 
{ "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946692", "reference_id": "1946692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946692" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": 
"VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": 
"VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" 
}, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30157" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqw-6aae-13f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31065?format=api", "vulnerability_id": "VCID-92hf-r3sb-jbhy", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.6389", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": 
"0.6395", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64019", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64016", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64002", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63972", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64007", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63977", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63987", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156318", "reference_id": "2156318", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156318" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T293589", "reference_id": "T293589", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/" } ], "url": "https://phabricator.wikimedia.org/T293589" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44855" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-92hf-r3sb-jbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31079?format=api", "vulnerability_id": "VCID-9346-9aaj-fkfw", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49129", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49088", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49138", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49118", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49161", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4907", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49121", 
"published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156329", "reference_id": "2156329", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156329" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T309894", "reference_id": "T309894", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/" } ], "url": "https://phabricator.wikimedia.org/T309894" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { 
"vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-41765" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9346-9aaj-fkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54173?format=api", "vulnerability_id": "VCID-9exs-x5s1-4bhg", "summary": "Failure to strip the Cookie header on change in host or HTTP downgrade\n### Impact\n\n`Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there.\n\n### Patches\n\nAffected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. 
Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.\n\n### Workarounds\n\nAn alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether.\n\n### References\n\n* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)\n\n### For more information\n\nIf you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80753", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80809", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80807", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", 
"scoring_elements": "0.80771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80774", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml" }, { "reference_url": 
"https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31042" }, { "reference_url": 
"https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://www.drupal.org/sa-core-2022-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://www.drupal.org/sa-core-2022-011" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821", "reference_id": "1012821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": 
"https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-f2wf-25xc-69c9", "reference_id": "GHSA-f2wf-25xc-69c9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2wf-25xc-69c9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { 
"vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31042", "GHSA-f2wf-25xc-69c9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9exs-x5s1-4bhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32819?format=api", "vulnerability_id": "VCID-9g1g-z7d8-c7ah", "summary": "Regular Expression Denial of Service in papaparse\nVersions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. 
This allows attackers to stall systems and lead to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 5.2.0 or later.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62458", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6237", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62474", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62423", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62445", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62455", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62436", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62317", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62375", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00427", 
"scoring_system": "epss", "scoring_elements": "0.62419", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649" }, { "reference_url": "https://github.com/mholt/PapaParse", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse" }, { "reference_url": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621" }, { "reference_url": "https://github.com/mholt/PapaParse/issues/777", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/issues/777" }, { "reference_url": "https://github.com/mholt/PapaParse/pull/779", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/pull/779" }, { "reference_url": 
"https://github.com/mholt/PapaParse/releases/tag/5.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/releases/tag/5.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36649", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36649" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258" }, { "reference_url": "https://vuldb.com/?ctiid.218004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?ctiid.218004" }, { "reference_url": "https://vuldb.com/?id.218004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?id.218004" }, { "reference_url": "https://www.npmjs.com/advisories/1515", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://www.npmjs.com/advisories/1515" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160359", "reference_id": "2160359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160359" }, { "reference_url": "https://github.com/advisories/GHSA-qvjc-g5vr-mfgr", "reference_id": "GHSA-qvjc-g5vr-mfgr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvjc-g5vr-mfgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": 
"VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-36649", "GHSA-qvjc-g5vr-mfgr", "GMS-2020-421" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9g1g-z7d8-c7ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31061?format=api", "vulnerability_id": "VCID-9nnu-4mda-7qg9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": 
"0.36637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36653", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36698", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3662", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009507", "reference_id": "2009507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009507" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": 
"VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": 
"VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" 
}, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41798" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nnu-4mda-7qg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31075?format=api", "vulnerability_id": "VCID-9xyz-wzr8-wqhz", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86548", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86599", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86594", "published_at": "2026-04-16T12:55:00Z" }, { 
"value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.8658", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86529", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86591", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86576", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86547", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md" }, { "reference_url": "https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31090" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492", "reference_id": "1014492", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-25mq-v84q-4j7r", "reference_id": "GHSA-25mq-v84q-4j7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-25mq-v84q-4j7r" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { 
"vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31090", "GHSA-25mq-v84q-4j7r", "GMS-2022-2528" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyz-wzr8-wqhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51027?format=api", "vulnerability_id": "VCID-ad34-frk5-kqds", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", 
"scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69775", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69784", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69794", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69801", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69856", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69864", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69788", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69816", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946698", "reference_id": "1946698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946698" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": 
"https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { 
"vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": 
"VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" 
}, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30158" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad34-frk5-kqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59672?format=api", "vulnerability_id": "VCID-arzd-7xhw-qqb4", "summary": "OATHAuth extension in MediaWiki is not implementing rate limit\nAn issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. 
Thus, multiple requests can be made across many wikis/sites concurrently.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46991", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47042", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46983", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47046", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4701", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46985", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827" }, { "reference_url": "https://phabricator.wikimedia.org/T251661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T251661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761", "reference_id": "1903761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761" }, { "reference_url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6", "reference_id": "GHSA-rqvj-fc2x-99q6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": 
"VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25827", "GHSA-rqvj-fc2x-99q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31070?format=api", "vulnerability_id": "VCID-av7r-cpew-xkcn", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55952", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56064", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56084", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56063", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56114", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56119", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56108", 
"published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56091", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56126", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56128", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56098", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036704", "reference_id": "2036704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036704" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": 
"VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-45038" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-av7r-cpew-xkcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57632?format=api", "vulnerability_id": 
"VCID-azup-qzq7-sbh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href =\"javascript... that executes when clicked.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56468", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56464", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56507", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5646", "published_at": 
"2026-04-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56437", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56339", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814" }, { "reference_url": "https://phabricator.wikimedia.org/T86738", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T86738" }, { "reference_url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774", "reference_id": "1903774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774" }, { "reference_url": 
"https://github.com/advisories/GHSA-4vr7-m8p8-434h", "reference_id": "GHSA-4vr7-m8p8-434h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vr7-m8p8-434h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": 
"VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": 
"VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" 
}, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25814", "GHSA-4vr7-m8p8-434h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78306?format=api", "vulnerability_id": "VCID-b8r6-r39r-3ffm", "summary": "MediaWiki: Manualthumb bypasses badFile lookup", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13321", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13383", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13243", "published_at": "2026-04-16T12:55:00Z" }, { "value": 
"0.00044", "scoring_system": "epss", "scoring_elements": "0.13241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13518", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13312", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13444", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233116", "reference_id": "2233116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233116" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/", "reference_id": "2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], 
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/", "reference_id": "6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/", "reference_id": "DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/" }, { "reference_url": "https://phabricator.wikimedia.org/T335612", "reference_id": "T335612", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], "url": "https://phabricator.wikimedia.org/T335612" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { 
"vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-36674" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8r6-r39r-3ffm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6290?format=api", "vulnerability_id": "VCID-brg4-rv29-1fgz", "summary": "In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. 
Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86827", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86882", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86887", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86891", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86879", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.8687", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.8685", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86856", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.87436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.87433", "published_at": 
"2026-04-16T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.8743", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce" }, { "reference_url": "https://github.com/advisories/GHSA-pq64-v7f5-gqh8", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pq64-v7f5-gqh8" }, { "reference_url": "https://github.com/pygments/pygments", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments" }, { "reference_url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" }, { "reference_url": 
"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4878", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4878" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4889" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940603", "reference_id": "1940603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940603" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574", "reference_id": "985574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574" }, { "reference_url": "https://security.archlinux.org/AVG-1662", "reference_id": "AVG-1662", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1662" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0781", "reference_id": "RHSA-2021:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3252", "reference_id": "RHSA-2021:3252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4139", "reference_id": "RHSA-2021:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4150", "reference_id": "RHSA-2021:4150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4150" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2021:4151", "reference_id": "RHSA-2021:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4151" }, { "reference_url": "https://usn.ubuntu.com/4897-1/", "reference_id": "USN-4897-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-1/" }, { "reference_url": "https://usn.ubuntu.com/4897-2/", "reference_id": "USN-4897-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { 
"vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": 
"VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" 
}, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-27291", "GHSA-pq64-v7f5-gqh8", "PYSEC-2021-141" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brg4-rv29-1fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31062?format=api", "vulnerability_id": "VCID-c8zy-wsn9-63af", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50227", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50296", 
"published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50297", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50317", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50291", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50324", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50299", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009511", "reference_id": "2009511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009511" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": 
"VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": 
"VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" 
}, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41799" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zy-wsn9-63af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31067?format=api", "vulnerability_id": "VCID-ckkj-z5nq-akhb", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35492", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35517", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35446", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35414", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35454", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35442", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3539", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036702", "reference_id": "2036702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036702" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { 
"vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44857" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckkj-z5nq-akhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80689?format=api", "vulnerability_id": "VCID-d6kz-e82q-6kh3", "summary": "mediawiki: potential XSS via the month messages such as MediaWiki:january through MediaWiki:december outputting Block Logs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74971", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74974", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": 
"0.75003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.7498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75025", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75046", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75015", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75051", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75059", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75048", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1909237", "reference_id": "1909237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909237" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { 
"vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": 
"VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" 
}, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35479" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6kz-e82q-6kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78071?format=api", "vulnerability_id": "VCID-ea7c-xk4h-13fs", "summary": "mediawiki: stored XSS leads to privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40127", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", 
"scoring_elements": "0.40245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40167", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40244", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40205", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40187", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40235", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240807", "reference_id": "2240807", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240807" }, { "reference_url": "https://fluidattacks.com/advisories/blondie/", 
"reference_id": "blondie", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/" } ], "url": "https://fluidattacks.com/advisories/blondie/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/", "reference_id": "FU2FGUXXK6TMV6R52VRECLC6XCSQQISY", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/" }, { "reference_url": "https://www.mediawiki.org/wiki/MediaWiki/", "reference_id": "MediaWiki", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/" } ], "url": "https://www.mediawiki.org/wiki/MediaWiki/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { 
"vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-3550" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ea7c-xk4h-13fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31068?format=api", "vulnerability_id": "VCID-eefm-65rj-pyg2", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61568", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61642", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61643", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61692", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61729", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61744", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61727", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44858" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036698", "reference_id": "2036698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036698" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { 
"vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44858" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eefm-65rj-pyg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94711?format=api", "vulnerability_id": "VCID-fnzm-dxb3-v7hr", "summary": "An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) 
This is related to ApiVisualEditor.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41615", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4163", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41619", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41605", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46018", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57034", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153" }, { "reference_url": 
"https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html", "reference_id": "094418.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://phabricator.wikimedia.org/T270453", "reference_id": "T270453", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/" } ], "url": "https://phabricator.wikimedia.org/T270453" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/", "reference_id": "XYBF5RSTJRMVCP7QBYK7643W75A3KCIY", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30153" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnzm-dxb3-v7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80687?format=api", "vulnerability_id": "VCID-fwb3-kxy8-73hz", "summary": "mediawiki: unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64668", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.6472", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64748", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64754", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64769", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64785", "published_at": 
"2026-04-16T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64795", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64782", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909231", "reference_id": "1909231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909231" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { 
"vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" 
} ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35477" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwb3-kxy8-73hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57902?format=api", "vulnerability_id": "VCID-h8jw-brz8-hkfn", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58937", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58957", "published_at": "2026-04-11T12:55:00Z" }, { 
"value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58938", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58881", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58817", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58913", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58892", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25812" }, { "reference_url": "https://phabricator.wikimedia.org/T255918", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T255918" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903767", "reference_id": "1903767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903767" }, { "reference_url": "https://github.com/advisories/GHSA-rj9p-8jxj-2ch4", "reference_id": "GHSA-rj9p-8jxj-2ch4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj9p-8jxj-2ch4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": 
"VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": 
"VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" 
}, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25812", "GHSA-rj9p-8jxj-2ch4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8jw-brz8-hkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80685?format=api", "vulnerability_id": "VCID-j1bz-4bex-4key", "summary": "mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69172", "published_at": "2026-04-01T12:55:00Z" }, { "value": 
"0.00592", "scoring_system": "epss", "scoring_elements": "0.69188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.6919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69266", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69238", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69277", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69285", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69265", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909224", "reference_id": "1909224", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909224" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": 
"VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": 
"VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" 
}, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35475" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1bz-4bex-4key" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19329?format=api", "vulnerability_id": "VCID-jm7q-2w3j-buhh", "summary": "MediaWiki Denial of Service vulnerability\nAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. 
It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93464", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93458", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93427", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html" }, { "reference_url": "https://phabricator.wikimedia.org/T333050", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://phabricator.wikimedia.org/T333050" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363", "reference_id": "CVE-2023-45363", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363" }, { "reference_url": 
"https://github.com/advisories/GHSA-w5fx-cx7f-6vr9", "reference_id": "GHSA-w5fx-cx7f-6vr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": 
"VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-45363", "GHSA-w5fx-cx7f-6vr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31082?format=api", "vulnerability_id": "VCID-jwkd-wdus-6ygg", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1637", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16248", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16432", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16315", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16379", "published_at": 
"2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16191", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1621", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160625", "reference_id": "2160625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160625" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/", "reference_id": "AP65YEN762IBNQPOYGUVLTQIDLM5XD2A", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { 
"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html" }, { "reference_url": "https://phabricator.wikimedia.org/T322637", "reference_id": "T322637", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://phabricator.wikimedia.org/T322637" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/", "reference_id": "UEMW64LVEH3BEXCJV43CVS6XPYURKWU3", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": 
"VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-47927" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwkd-wdus-6ygg" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/51025?format=api", "vulnerability_id": "VCID-k1f5-msra-4kam", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5488", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54901", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63482", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63473", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63542", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63422", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00447", 
"scoring_system": "epss", "scoring_elements": "0.63509", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948641", "reference_id": "1948641", "reference_type": 
"", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948641" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": 
"VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": 
"VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" 
}, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30155" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1f5-msra-4kam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31071?format=api", "vulnerability_id": "VCID-m1j5-3ecf-dffj", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69088", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69073", 
"published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69043", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69083", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69092", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.7234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72356", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72368", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074123", "reference_id": "2074123", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074123" }, { "reference_url": "https://security.archlinux.org/AVG-2677", "reference_id": "AVG-2677", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2677" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { 
"vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-28202" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1j5-3ecf-dffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54061?format=api", "vulnerability_id": "VCID-nwsr-ruca-2kha", "summary": "Fix failure to strip Authorization header on HTTP downgrade\n### Impact\n\n`Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host.\n\n### Patches\n\nAffected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. 
Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.\n\n### Workarounds\n\nAn alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether.\n\n### References\n\n* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)\n\n### For more information\n\nIf you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80753", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80809", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80807", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", 
"scoring_elements": "0.80771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80774", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml" }, { "reference_url": 
"https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31043" }, { "reference_url": 
"https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://www.drupal.org/sa-core-2022-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://www.drupal.org/sa-core-2022-011" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821", "reference_id": "1012821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": 
"https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-w248-ffj2-4v5q", "reference_id": "GHSA-w248-ffj2-4v5q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w248-ffj2-4v5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { 
"vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31043", "GHSA-w248-ffj2-4v5q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwsr-ruca-2kha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57414?format=api", "vulnerability_id": "VCID-pm5t-23j4-6yh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. 
Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59703", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-04T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2020-25828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828" }, { "reference_url": "https://phabricator.wikimedia.org/T115888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T115888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776", "reference_id": "1903776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776" }, { "reference_url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934", "reference_id": "GHSA-h8qx-mj6v-2934", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": 
"VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25828", "GHSA-h8qx-mj6v-2934" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95128?format=api", "vulnerability_id": "VCID-pw9d-1cwb-tyb9", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20656", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20849", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20697", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20777", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20682", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20668", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20665", "published_at": "2026-04-18T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": 
"VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-28201" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pw9d-1cwb-tyb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31064?format=api", "vulnerability_id": "VCID-qjhk-97j6-2qfm", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which 
could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40491", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40484", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40543", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40591", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4056", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4052", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40581", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44854" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156316", "reference_id": "2156316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156316" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T292763", "reference_id": "T292763", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/" } ], "url": "https://phabricator.wikimedia.org/T292763" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { 
"vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44854" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhk-97j6-2qfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31078?format=api", "vulnerability_id": "VCID-qqvd-cjs3-7kab", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46482", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46502", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": 
"2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4653", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46511", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46568", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46565", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46512", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112772", 
"reference_id": "2112772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112772" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": 
"VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-34912" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqvd-cjs3-7kab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31081?format=api", "vulnerability_id": "VCID-qwcp-5hh8-z3gp", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47754", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47773", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47798", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", 
"scoring_elements": "0.47784", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47839", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47777", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156331", "reference_id": "2156331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156331" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T316304", "reference_id": "T316304", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/" } ], "url": "https://phabricator.wikimedia.org/T316304" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": 
"VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-41767" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcp-5hh8-z3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78316?format=api", "vulnerability_id": "VCID-ruur-4cvx-cqct", "summary": "mediawiki: cross site scripting", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66994", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67057", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67055", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67074", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67062", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67076", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67019", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67042", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40", "reference_id": "1.40#Other_changes_in_1.40", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217428", "reference_id": "2217428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217428" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/", "reference_id": "2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/", "reference_id": "6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/", "reference_id": "DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/" }, { "reference_url": "https://phabricator.wikimedia.org/T332889", "reference_id": "T332889", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://phabricator.wikimedia.org/T332889" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { 
"vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-36675" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruur-4cvx-cqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51023?format=api", "vulnerability_id": "VCID-rwtk-hep1-xfaw", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59101", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", 
"scoring_elements": "0.59116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59121", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67036", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67041", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6701", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66938", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67001", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948636", "reference_id": "1948636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948636" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": 
"VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": 
"VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": 
"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30152" ], "risk_score": 3.1, 
"exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwtk-hep1-xfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31077?format=api", "vulnerability_id": "VCID-rz65-w7x5-57hu", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62828", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62822", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62907", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62897", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62875", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62915", "published_at": "2026-04-16T12:55:00Z" }, { "value": 
"0.00435", "scoring_system": "epss", "scoring_elements": "0.62923", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62902", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112770", "reference_id": "2112770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112770" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": 
"https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { 
"vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-34911" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rz65-w7x5-57hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76439?format=api", "vulnerability_id": "VCID-sc5s-s7vg-dygq", "summary": "mediawiki: denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38284", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38346", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38321", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38369", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38348", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3842", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38444", "published_at": "2026-04-04T12:55:00Z" }, 
{ "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38308", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38367", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38383", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279231", "reference_id": "2279231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279231" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/", "reference_id": "FU2FGUXXK6TMV6R52VRECLC6XCSQQISY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/" }, { "reference_url": "https://phabricator.wikimedia.org/T357760", "reference_id": "T357760", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/" } ], "url": 
"https://phabricator.wikimedia.org/T357760" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2024-34506" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sc5s-s7vg-dygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31066?format=api", "vulnerability_id": "VCID-sca5-n7rz-rffq", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38942", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39032", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39116", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39096", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39151", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39121", "published_at": 
"2026-04-18T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3915", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39069", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39141", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156326", "reference_id": "2156326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156326" }, { 
"reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T271037", "reference_id": "T271037", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/" } ], "url": "https://phabricator.wikimedia.org/T271037" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { 
"vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44856" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sca5-n7rz-rffq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55339?format=api", "vulnerability_id": "VCID-ujdn-y48t-pbch", "summary": "MediaWiki Special:UserRights exposes the existence of hidden users\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58639", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5864", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58595", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58489", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58616", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://meta.wikimedia.org/wiki/Special:UserRights", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://meta.wikimedia.org/wiki/Special:UserRights" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813" }, { "reference_url": "https://phabricator.wikimedia.org/T232568", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T232568" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764", "reference_id": "1903764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764" }, { "reference_url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj", "reference_id": "GHSA-c4rj-wrmq-52rj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": 
"pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { 
"vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" 
} ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25813", "GHSA-c4rj-wrmq-52rj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31076?format=api", "vulnerability_id": "VCID-wzqf-k99e-vbeu", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.5672", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56768", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.5674", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56761", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56784", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56771", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56719", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56741", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31091" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31091" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492", "reference_id": "1014492", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-q559-8m2m-g699", "reference_id": "GHSA-q559-8m2m-g699", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q559-8m2m-g699" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" 
}, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31091", "GHSA-q559-8m2m-g699", "GMS-2022-2529" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzqf-k99e-vbeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95129?format=api", "vulnerability_id": "VCID-yakw-r8bh-5bde", "summary": "security update", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61751", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61781", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61835", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61823", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61803", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61847", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": 
"VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-28203" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yakw-r8bh-5bde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31063?format=api", "vulnerability_id": "VCID-z9d9-aer5-gfa9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3925", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39342", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.00177", "scoring_system": "epss", "scoring_elements": "0.39337", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39164", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39359", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800" }, { "reference_url": "https://phabricator.wikimedia.org/T284419", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T284419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517", "reference_id": "2009517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73", "reference_id": "GHSA-c8wv-qwwc-6j73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73" }, { "reference_url": 
"https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { 
"vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": 
"VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" 
}, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41800", "GHSA-c8wv-qwwc-6j73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78030?format=api", "vulnerability_id": "VCID-zj5a-p9u4-ducw", "summary": "mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60318", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60323", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.6033", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60236", "published_at": "2026-04-02T12:55:00Z" }, { "value": 
"0.00393", "scoring_system": "epss", "scoring_elements": "0.60262", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60294", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60301", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247803", "reference_id": "2247803", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247803" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/", 
"reference_id": "FU2FGUXXK6TMV6R52VRECLC6XCSQQISY", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/" }, { "reference_url": "https://phabricator.wikimedia.org/T340221", "reference_id": "T340221", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/" } ], "url": "https://phabricator.wikimedia.org/T340221" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { 
"vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-45360" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj5a-p9u4-ducw" } ], "risk_score": "3.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" }