Package Instance

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664
reference_id	984664
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664

reference_url

reference_id

AVG-1662

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32072

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3252
reference_id	RHSA-2021:3252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3252

reference_url	https://access.redhat.com/errata/RHSA-2021:4139
reference_id	RHSA-2021:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4139

reference_url	https://access.redhat.com/errata/RHSA-2021:4150
reference_id	RHSA-2021:4150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4150

reference_url	https://access.redhat.com/errata/RHSA-2021:4151
reference_id	RHSA-2021:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4151

reference_url	https://usn.ubuntu.com/4885-1/
reference_id	USN-4885-1
reference_type
scores
url	https://usn.ubuntu.com/4885-1/

reference_url	https://usn.ubuntu.com/4897-2/
reference_id	USN-4897-2
reference_type
scores
url	https://usn.ubuntu.com/4897-2/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-20270, GHSA-9w8r-397f-prfh, PYSEC-2021-140

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1na8-nyq1-yfcy

url VCID-2wcb-hty6-uyez

vulnerability_id VCID-2wcb-hty6-uyez

summary Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43.

references

reference_url

reference_id

reference_type

scores

value	0.00454
scoring_system	epss
scoring_elements	0.63766
published_at	2026-04-02T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67793
published_at	2026-04-16T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67781
published_at	2026-04-09T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67805
published_at	2026-04-11T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67791
published_at	2026-04-12T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67757
published_at	2026-04-13T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67735
published_at	2026-04-04T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67715
published_at	2026-04-07T12:55:00Z

value	0.00544
scoring_system	epss
scoring_elements	0.67767
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32072

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072

reference_url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134

reference_id

1120134

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/

url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134

reference_url

https://phabricator.wikimedia.org/T386175

reference_id

T386175

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/

url

https://phabricator.wikimedia.org/T386175

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-32072

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2wcb-hty6-uyez

url VCID-2xja-2whv-fqe4

vulnerability_id VCID-2xja-2whv-fqe4

summary mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45362

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60186
published_at	2026-04-02T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60211
published_at	2026-04-04T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.6018
published_at	2026-04-07T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.6023
published_at	2026-04-08T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60244
published_at	2026-04-09T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60265
published_at	2026-04-11T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60251
published_at	2026-04-12T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60234
published_at	2026-04-13T12:55:00Z

value	0.00392
scoring_system	epss
scoring_elements	0.60273
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2247805
reference_id	2247805
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2247805

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-45362

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xja-2whv-fqe4

url VCID-32f4-khen-3yez

vulnerability_id VCID-32f4-khen-3yez

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30159

reference_id

reference_type

scores

value	0.00866
scoring_system	epss
scoring_elements	0.75081
published_at	2026-04-01T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75083
published_at	2026-04-02T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75112
published_at	2026-04-04T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75089
published_at	2026-04-07T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75157
published_at	2026-04-11T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75124
published_at	2026-04-13T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75123
published_at	2026-04-08T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75135
published_at	2026-04-12T12:55:00Z

value	0.00873
scoring_system	epss
scoring_elements	0.75289
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948638
reference_id	1948638
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948638

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67480

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30159

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32f4-khen-3yez

url VCID-3zue-5ccg-23hs

vulnerability_id VCID-3zue-5ccg-23hs

summary Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.

references

reference_url

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20647
published_at	2026-04-16T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33244
published_at	2026-04-08T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33202
published_at	2026-04-07T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33338
published_at	2026-04-02T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33279
published_at	2026-04-09T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33283
published_at	2026-04-11T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.3337
published_at	2026-04-04T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.365
published_at	2026-04-13T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36524
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480

reference_url

https://phabricator.wikimedia.org/T401053

reference_id

T401053

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:01:49Z/

url

https://phabricator.wikimedia.org/T401053

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-67480

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zue-5ccg-23hs

url VCID-424y-cjxg-c7az

vulnerability_id VCID-424y-cjxg-c7az

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25815

reference_id

reference_type

scores

value	0.00387
scoring_system	epss
scoring_elements	0.59859
published_at	2026-04-16T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59839
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59856
published_at	2026-04-11T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59835
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59822
published_at	2026-04-13T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5977
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59777
published_at	2026-04-02T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59703
published_at	2026-04-01T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59801
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25815

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815

reference_url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25815

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25815

reference_url

https://phabricator.wikimedia.org/T256171

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T256171

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903759
reference_id	1903759
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903759

reference_url

https://github.com/advisories/GHSA-2f58-vf6g-6p8x

reference_id

GHSA-2f58-vf6g-6p8x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2f58-vf6g-6p8x

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25815, GHSA-2f58-vf6g-6p8x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-424y-cjxg-c7az

url VCID-4dfp-3qk9-j7fg

vulnerability_id VCID-4dfp-3qk9-j7fg

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-35197

reference_id

reference_type

scores

value	0.0073
scoring_system	epss
scoring_elements	0.72618
published_at	2026-04-01T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72626
published_at	2026-04-02T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72644
published_at	2026-04-04T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72621
published_at	2026-04-07T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.7266
published_at	2026-04-08T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72673
published_at	2026-04-09T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72696
published_at	2026-04-11T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-12T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72669
published_at	2026-04-13T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72711
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1980308
reference_id	1980308
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1980308

reference_url	https://security.archlinux.org/ASA-202107-7
reference_id	ASA-202107-7
reference_type
scores
url	https://security.archlinux.org/ASA-202107-7

reference_url

reference_id

AVG-2093

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61641

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-35197

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dfp-3qk9-j7fg

url VCID-4yhr-jjt9-afaq

vulnerability_id VCID-4yhr-jjt9-afaq

summary Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00385
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00374
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00371
published_at	2026-04-08T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00372
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00524
published_at	2026-04-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00521
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00525
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00523
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641

reference_url

https://phabricator.wikimedia.org/T298690

reference_id

T298690

reference_type

scores

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:22Z/

url

https://phabricator.wikimedia.org/T298690

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61641

risk_score 0.5

exploitability 0.5

weighted_severity 1.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yhr-jjt9-afaq

url VCID-5myd-ngfx-5qhb

vulnerability_id VCID-5myd-ngfx-5qhb

summary mediawiki: group-.*-member messages are not properly escaped on Special:log/rights

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-51704

reference_id

reference_type

scores

value	0.00398
scoring_system	epss
scoring_elements	0.60551
published_at	2026-04-02T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60579
published_at	2026-04-04T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60548
published_at	2026-04-07T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60597
published_at	2026-04-08T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60612
published_at	2026-04-09T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60637
published_at	2026-04-11T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60622
published_at	2026-04-12T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60601
published_at	2026-04-13T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60643
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-51704

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2255582
reference_id	2255582
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2255582

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2023-51704

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5myd-ngfx-5qhb

url VCID-674z-nf4t-b7ez

vulnerability_id VCID-674z-nf4t-b7ez

summary

Cross-domain cookie leakage in Guzzle
### Impact

Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the `Set-Cookie` header, allowing a malicious server to set cookies for unrelated domains. For example an attacker at `www.example.com` might set a session cookie for `api.example.net`, logging the Guzzle client into their account and retrieving private API requests from the security log of their account.

Note that our cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with `['cookies' => true]` are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.3 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.6 or 7.4.3.

### Workarounds

If you do not need support for cookies, turn off the cookie middleware. It is already off by default, but if you have turned it on and no longer need it, turn it off.

### References

* [RFC6265 Section 5.3](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3)
* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29248

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70507
published_at	2026-04-16T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70414
published_at	2026-04-02T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70431
published_at	2026-04-04T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.7041
published_at	2026-04-07T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70455
published_at	2026-04-08T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70471
published_at	2026-04-09T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70495
published_at	2026-04-11T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.7048
published_at	2026-04-12T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70465
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml

reference_url

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab

reference_url

https://github.com/guzzle/guzzle/pull/3018

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://github.com/guzzle/guzzle/pull/3018

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29248

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29248

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://www.drupal.org/sa-core-2022-010

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/

url

https://www.drupal.org/sa-core-2022-010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636
reference_id	1011636
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-cwmx-hcrq-mhc3

reference_url

reference_id

GHSA-cwmx-hcrq-mhc3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cwmx-hcrq-mhc3

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-29248, GHSA-cwmx-hcrq-mhc3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-674z-nf4t-b7ez

url VCID-6ads-gs3n-dubh

vulnerability_id VCID-6ads-gs3n-dubh

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30458

reference_id

reference_type

scores

value	0.00214
scoring_system	epss
scoring_elements	0.43931
published_at	2026-04-01T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43969
published_at	2026-04-12T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43984
published_at	2026-04-09T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43982
published_at	2026-04-08T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43932
published_at	2026-04-07T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.44002
published_at	2026-04-11T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.4398
published_at	2026-04-02T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43954
published_at	2026-04-13T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58859
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30458

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml

reference_url

https://github.com/wikimedia/mediawiki-services-parsoid

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki-services-parsoid

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-30458

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-30458

reference_url

https://phabricator.wikimedia.org/T279451

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T279451

reference_url

https://www.mediawiki.org/wiki/Parsoid

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Parsoid

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-5pqx-77vf-85rw

reference_url

reference_id

GHSA-5pqx-77vf-85rw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5pqx-77vf-85rw

reference_url

https://security.gentoo.org/glsa/202107-40

reference_id

GLSA-202107-40

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30458, GHSA-5pqx-77vf-85rw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ads-gs3n-dubh

url VCID-73p6-esc6-tydd

vulnerability_id VCID-73p6-esc6-tydd

summary mediawiki: potential XSS via MediaWiki:blanknamespace outputting Block Logs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35478

reference_id

reference_type

scores

value	0.00446
scoring_system	epss
scoring_elements	0.63353
published_at	2026-04-01T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63413
published_at	2026-04-02T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63441
published_at	2026-04-04T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63406
published_at	2026-04-07T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63457
published_at	2026-04-08T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63475
published_at	2026-04-09T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63492
published_at	2026-04-11T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63477
published_at	2026-04-12T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63442
published_at	2026-04-13T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63476
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909234
reference_id	1909234
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909234

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32698

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35478

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73p6-esc6-tydd

url VCID-74ej-8sna-jyek

vulnerability_id VCID-74ej-8sna-jyek

summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

references

reference_url

reference_id

reference_type

scores

value	0.0048
scoring_system	epss
scoring_elements	0.65037
published_at	2026-04-02T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68809
published_at	2026-04-16T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68796
published_at	2026-04-12T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68767
published_at	2026-04-13T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68739
published_at	2026-04-04T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68717
published_at	2026-04-07T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68768
published_at	2026-04-08T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68788
published_at	2026-04-09T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.6881
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32698

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698

reference_url

https://phabricator.wikimedia.org/T385958

reference_id

T385958

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:46Z/

url

https://phabricator.wikimedia.org/T385958

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-32698

risk_score 0.7

exploitability 0.5

weighted_severity 1.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74ej-8sna-jyek

url VCID-7ar6-14bb-yfc5

vulnerability_id VCID-7ar6-14bb-yfc5

summary mediawiki: divergent behavior for contributions and user pages of hidden users and missing users

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35480

reference_id

reference_type

scores

value	0.00344
scoring_system	epss
scoring_elements	0.56945
published_at	2026-04-01T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5704
published_at	2026-04-02T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57062
published_at	2026-04-04T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57039
published_at	2026-04-07T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5709
published_at	2026-04-08T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57092
published_at	2026-04-09T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57104
published_at	2026-04-11T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57083
published_at	2026-04-12T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57059
published_at	2026-04-13T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57086
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909240
reference_id	1909240
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909240

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35480

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ar6-14bb-yfc5

url VCID-7eba-7gsc-hbfg

vulnerability_id VCID-7eba-7gsc-hbfg

summary

X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_id

reference_type

scores

value	0.00251
scoring_system	epss
scoring_elements	0.48509
published_at	2026-04-16T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48426
published_at	2026-04-02T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48459
published_at	2026-04-13T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48447
published_at	2026-04-12T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48473
published_at	2026-04-11T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48449
published_at	2026-04-09T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48455
published_at	2026-04-08T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48401
published_at	2026-04-07T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48448
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_url

https://phabricator.wikimedia.org/T285159

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://phabricator.wikimedia.org/T285159

reference_url

https://www.debian.org/security/2023/dsa-5447

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://www.debian.org/security/2023/dsa-5447

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627
reference_id	2183627
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_id

CVE-2023-29141

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_id

GHSA-5vj8-g3qg-4qh6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_id

ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

reference_id

ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg

url VCID-7j54-uz1w-y3dn

vulnerability_id VCID-7j54-uz1w-y3dn

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41801

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59362
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59219
published_at	2026-04-01T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59293
published_at	2026-04-02T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59317
published_at	2026-04-04T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59281
published_at	2026-04-07T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59332
published_at	2026-04-08T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59345
published_at	2026-04-09T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59364
published_at	2026-04-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59348
published_at	2026-04-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5933
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41801

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j54-uz1w-y3dn

url VCID-7m3q-wuh7-k7fn

vulnerability_id VCID-7m3q-wuh7-k7fn

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30154

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.74306
published_at	2026-04-16T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78133
published_at	2026-04-01T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78142
published_at	2026-04-02T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78172
published_at	2026-04-04T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78154
published_at	2026-04-07T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78181
published_at	2026-04-08T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78187
published_at	2026-04-09T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78212
published_at	2026-04-11T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78195
published_at	2026-04-12T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78191
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946690
reference_id	1946690
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946690

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61656

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30154

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m3q-wuh7-k7fn

url VCID-7wh4-say2-pqap

vulnerability_id VCID-7wh4-say2-pqap

summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05235
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06021
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06056
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06064
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14413
published_at	2026-04-09T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14358
published_at	2026-04-08T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.1447
published_at	2026-04-04T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14276
published_at	2026-04-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14403
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656

reference_url

https://phabricator.wikimedia.org/T397232

reference_id

T397232

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:27Z/

url

https://phabricator.wikimedia.org/T397232

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61656

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wh4-say2-pqap

url VCID-812q-n5hg-u7dx

vulnerability_id VCID-812q-n5hg-u7dx

summary mediawiki: message recentchanges-legend-watchlistexpiry can contain raw html

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35474

reference_id

reference_type

scores

value	0.00468
scoring_system	epss
scoring_elements	0.64378
published_at	2026-04-01T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64432
published_at	2026-04-02T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64462
published_at	2026-04-04T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64422
published_at	2026-04-07T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.6447
published_at	2026-04-08T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64486
published_at	2026-04-09T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64501
published_at	2026-04-11T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64489
published_at	2026-04-12T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64461
published_at	2026-04-13T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64495
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909227
reference_id	1909227
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909227

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35474

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-812q-n5hg-u7dx

url VCID-8sqw-6aae-13f5

vulnerability_id VCID-8sqw-6aae-13f5

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30157

reference_id

reference_type

scores

value	0.00734
scoring_system	epss
scoring_elements	0.72793
published_at	2026-04-16T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.76989
published_at	2026-04-01T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.76995
published_at	2026-04-02T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77024
published_at	2026-04-04T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77005
published_at	2026-04-07T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77037
published_at	2026-04-08T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77047
published_at	2026-04-09T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77076
published_at	2026-04-11T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77055
published_at	2026-04-12T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.7705
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946692
reference_id	1946692
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946692

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30157

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqw-6aae-13f5

url VCID-8uw8-ja3w-r3da

vulnerability_id VCID-8uw8-ja3w-r3da

summary MediaWiki: MediaWiki: Cross-site Scripting (XSS) vulnerability

references

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11261

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00267
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00263
published_at	2026-04-07T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00261
published_at	2026-04-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00259
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00343
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00348
published_at	2026-04-13T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0035
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436168
reference_id	2436168
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436168

reference_url

https://phabricator.wikimedia.org/T402077

reference_id

T402077

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:05Z/

url

https://phabricator.wikimedia.org/T402077

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-11261

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uw8-ja3w-r3da

url VCID-92hf-r3sb-jbhy

vulnerability_id VCID-92hf-r3sb-jbhy

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44855

reference_id

reference_type

scores

value	0.00458
scoring_system	epss
scoring_elements	0.6389
published_at	2026-04-01T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.6395
published_at	2026-04-02T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64007
published_at	2026-04-16T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63987
published_at	2026-04-08T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64004
published_at	2026-04-09T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64016
published_at	2026-04-11T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64002
published_at	2026-04-12T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63972
published_at	2026-04-13T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63977
published_at	2026-04-04T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63936
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156318
reference_id	2156318
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156318

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/

url

https://phabricator.wikimedia.org/T293589

reference_url

reference_id

T293589

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/

url

https://phabricator.wikimedia.org/T293589

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44855

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92hf-r3sb-jbhy

url VCID-9346-9aaj-fkfw

vulnerability_id VCID-9346-9aaj-fkfw

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41765

reference_id

reference_type

scores

value	0.00257
scoring_system	epss
scoring_elements	0.49163
published_at	2026-04-16T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49088
published_at	2026-04-02T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49124
published_at	2026-04-08T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49121
published_at	2026-04-09T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49138
published_at	2026-04-11T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49112
published_at	2026-04-12T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49118
published_at	2026-04-13T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49117
published_at	2026-04-04T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.4907
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156329
reference_id	2156329
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156329

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/

url

https://phabricator.wikimedia.org/T309894

reference_url

reference_id

T309894

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/

url

https://phabricator.wikimedia.org/T309894

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-41765

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9346-9aaj-fkfw

url VCID-95d1-mkm6-r3cq

vulnerability_id VCID-95d1-mkm6-r3cq

summary Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6591

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02268
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02283
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02062
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02068
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02064
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02066
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02083
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02299
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02286
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6591

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591

reference_url

https://phabricator.wikimedia.org/T392276

reference_id

T392276

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T15:32:29Z/

url

https://phabricator.wikimedia.org/T392276

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-6591

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95d1-mkm6-r3cq

url VCID-9exs-x5s1-4bhg

vulnerability_id VCID-9exs-x5s1-4bhg

summary

Failure to strip the Cookie header on change in host or HTTP downgrade
### Impact

`Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.

### Workarounds

An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

### References

* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31042

reference_id

reference_type

scores

value	0.01454
scoring_system	epss
scoring_elements	0.80771
published_at	2026-04-07T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80838
published_at	2026-04-16T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80774
published_at	2026-04-04T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80753
published_at	2026-04-02T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80801
published_at	2026-04-13T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80809
published_at	2026-04-12T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80824
published_at	2026-04-11T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80807
published_at	2026-04-09T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80799
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31042

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31042

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
reference_id	1012821
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-f2wf-25xc-69c9

reference_url

reference_id

GHSA-f2wf-25xc-69c9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f2wf-25xc-69c9

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31042, GHSA-f2wf-25xc-69c9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9exs-x5s1-4bhg

url VCID-9g1g-z7d8-c7ah

vulnerability_id VCID-9g1g-z7d8-c7ah

summary

Regular Expression Denial of Service in papaparse
Versions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service.


## Recommendation

Upgrade to version 5.2.0 or later.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36649

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62467
published_at	2026-04-16T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62405
published_at	2026-04-04T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62423
published_at	2026-04-13T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62445
published_at	2026-04-12T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62455
published_at	2026-04-11T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62436
published_at	2026-04-09T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62419
published_at	2026-04-08T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.6237
published_at	2026-04-07T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62317
published_at	2026-04-01T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62375
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36649

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649

reference_url

https://github.com/mholt/PapaParse

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse

reference_url

https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621

reference_url

https://github.com/mholt/PapaParse/issues/777

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/issues/777

reference_url

https://github.com/mholt/PapaParse/pull/779

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/pull/779

reference_url

https://github.com/mholt/PapaParse/releases/tag/5.2.0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mholt/PapaParse/releases/tag/5.2.0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36649

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36649

reference_url

https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258

reference_url

https://vuldb.com/?ctiid.218004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://vuldb.com/?ctiid.218004

reference_url

https://vuldb.com/?id.218004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://vuldb.com/?id.218004

reference_url	https://www.npmjs.com/advisories/1515
reference_id
reference_type
scores
url	https://www.npmjs.com/advisories/1515

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160359
reference_id	2160359
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160359

reference_url

https://github.com/advisories/GHSA-qvjc-g5vr-mfgr

reference_id

GHSA-qvjc-g5vr-mfgr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qvjc-g5vr-mfgr

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-36649, GHSA-qvjc-g5vr-mfgr, GMS-2020-421

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9g1g-z7d8-c7ah

url VCID-9nnu-4mda-7qg9

vulnerability_id VCID-9nnu-4mda-7qg9

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41798

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.36614
published_at	2026-04-01T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36769
published_at	2026-04-02T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36801
published_at	2026-04-04T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36637
published_at	2026-04-07T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36688
published_at	2026-04-08T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36705
published_at	2026-04-09T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36714
published_at	2026-04-11T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36679
published_at	2026-04-12T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36653
published_at	2026-04-13T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36698
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009507
reference_id	2009507
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009507

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31090

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41798

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nnu-4mda-7qg9

url VCID-9xyz-wzr8-wqhz

vulnerability_id VCID-9xyz-wzr8-wqhz

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	0.03005
scoring_system	epss
scoring_elements	0.86548
published_at	2026-04-04T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86594
published_at	2026-04-16T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.8658
published_at	2026-04-13T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86587
published_at	2026-04-12T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86529
published_at	2026-04-02T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86591
published_at	2026-04-11T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86576
published_at	2026-04-09T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86567
published_at	2026-04-08T12:55:00Z

value	0.03005
scoring_system	epss
scoring_elements	0.86547
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md

reference_url

https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md

reference_url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31090

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31090

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
reference_id	1014492
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-25mq-v84q-4j7r

reference_url

reference_id

GHSA-25mq-v84q-4j7r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-25mq-v84q-4j7r

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6597

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31090, GHSA-25mq-v84q-4j7r, GMS-2022-2528

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyz-wzr8-wqhz

url VCID-a8nh-mvhd-bka7

vulnerability_id VCID-a8nh-mvhd-bka7

summary MediaWiki: MediaWiki: Vulnerability in authentication management

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json

reference_url

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05644
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05684
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05676
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05716
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05743
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05955
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05921
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05974
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05965
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436116
reference_id	2436116
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436116

reference_url

https://phabricator.wikimedia.org/T389009

reference_id

T389009

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:12:25Z/

url

https://phabricator.wikimedia.org/T389009

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-6597

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8nh-mvhd-bka7

url VCID-ad34-frk5-kqds

vulnerability_id VCID-ad34-frk5-kqds

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30158

reference_id

reference_type

scores

value	0.0061
scoring_system	epss
scoring_elements	0.69784
published_at	2026-04-16T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69788
published_at	2026-04-01T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69801
published_at	2026-04-02T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69816
published_at	2026-04-04T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69793
published_at	2026-04-07T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69841
published_at	2026-04-08T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69856
published_at	2026-04-09T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69879
published_at	2026-04-11T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69864
published_at	2026-04-12T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69851
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946698
reference_id	1946698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946698

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30158

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad34-frk5-kqds

url VCID-arzd-7xhw-qqb4

vulnerability_id VCID-arzd-7xhw-qqb4

summary

OATHAuth extension in MediaWiki is not implementing rate limit
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25827

reference_id

reference_type

scores

value	0.00239
scoring_system	epss
scoring_elements	0.47046
published_at	2026-04-16T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4699
published_at	2026-04-13T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4701
published_at	2026-04-11T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46988
published_at	2026-04-08T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46987
published_at	2026-04-04T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4697
published_at	2026-04-02T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46934
published_at	2026-04-07T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46983
published_at	2026-04-12T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46985
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903761
reference_id	1903761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903761

reference_url

reference_id

GHSA-rqvj-fc2x-99q6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25827, GHSA-rqvj-fc2x-99q6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4

url VCID-av7r-cpew-xkcn

vulnerability_id VCID-av7r-cpew-xkcn

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-45038

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.55952
published_at	2026-04-01T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56064
published_at	2026-04-02T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56084
published_at	2026-04-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56063
published_at	2026-04-07T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56114
published_at	2026-04-08T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56119
published_at	2026-04-09T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56131
published_at	2026-04-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56108
published_at	2026-04-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56091
published_at	2026-04-13T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56126
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-45038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2036704
reference_id	2036704
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2036704

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-45038

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-av7r-cpew-xkcn

url VCID-azup-qzq7-sbh6

vulnerability_id VCID-azup-qzq7-sbh6

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25814

reference_id

reference_type

scores

value	0.00336
scoring_system	epss
scoring_elements	0.56464
published_at	2026-04-13T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56483
published_at	2026-04-12T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56507
published_at	2026-04-11T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56497
published_at	2026-04-16T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56492
published_at	2026-04-08T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.5646
published_at	2026-04-04T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56437
published_at	2026-04-02T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56339
published_at	2026-04-01T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56441
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903774
reference_id	1903774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903774

reference_url

reference_id

GHSA-4vr7-m8p8-434h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6595

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25814, GHSA-4vr7-m8p8-434h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6

url VCID-b5ke-cjtq-q3ev

vulnerability_id VCID-b5ke-cjtq-q3ev

summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.

references

reference_url

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00418
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00423
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00422
published_at	2026-04-13T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00317
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00316
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00307
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00305
published_at	2026-04-09T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00428
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6595

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595

reference_url

https://phabricator.wikimedia.org/T394863

reference_id

T394863

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:53:03Z/

url

https://phabricator.wikimedia.org/T394863

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-6595

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5ke-cjtq-q3ev

url VCID-b8r6-r39r-3ffm

vulnerability_id VCID-b8r6-r39r-3ffm

summary MediaWiki: Manualthumb bypasses badFile lookup

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36674

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13455
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13243
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13444
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13418
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13383
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13336
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13518
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13312
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13394
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2233116
reference_id	2233116
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2233116

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_id

2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_id

6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_id

DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_url

https://phabricator.wikimedia.org/T335612

reference_id

T335612

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/

url

https://phabricator.wikimedia.org/T335612

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-36674

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8r6-r39r-3ffm

url VCID-brg4-rv29-1fgz

vulnerability_id VCID-brg4-rv29-1fgz

summary In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-27291

reference_id

reference_type

scores

value	0.03141
scoring_system	epss
scoring_elements	0.86827
published_at	2026-04-01T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86856
published_at	2026-04-04T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86837
published_at	2026-04-02T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86882
published_at	2026-04-13T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86887
published_at	2026-04-12T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86891
published_at	2026-04-11T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86879
published_at	2026-04-09T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.8687
published_at	2026-04-08T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.8685
published_at	2026-04-07T12:55:00Z

value	0.034
scoring_system	epss
scoring_elements	0.87433
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1940603
reference_id	1940603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1940603

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574
reference_id	985574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574

reference_url

reference_id

AVG-1662

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3252
reference_id	RHSA-2021:3252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3252

reference_url	https://access.redhat.com/errata/RHSA-2021:4139
reference_id	RHSA-2021:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4139

reference_url	https://access.redhat.com/errata/RHSA-2021:4150
reference_id	RHSA-2021:4150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4150

reference_url	https://access.redhat.com/errata/RHSA-2021:4151
reference_id	RHSA-2021:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4151

reference_url	https://usn.ubuntu.com/4897-1/
reference_id	USN-4897-1
reference_type
scores
url	https://usn.ubuntu.com/4897-1/

reference_url	https://usn.ubuntu.com/4897-2/
reference_id	USN-4897-2
reference_type
scores
url	https://usn.ubuntu.com/4897-2/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-27291, GHSA-pq64-v7f5-gqh8, PYSEC-2021-141

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brg4-rv29-1fgz

url VCID-c8zy-wsn9-63af

vulnerability_id VCID-c8zy-wsn9-63af

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41799

reference_id

reference_type

scores

value	0.00268
scoring_system	epss
scoring_elements	0.50227
published_at	2026-04-01T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50266
published_at	2026-04-02T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50296
published_at	2026-04-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50244
published_at	2026-04-07T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50297
published_at	2026-04-08T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.5029
published_at	2026-04-09T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50317
published_at	2026-04-11T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50291
published_at	2026-04-12T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.5028
published_at	2026-04-13T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50324
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009511
reference_id	2009511
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009511

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41799

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zy-wsn9-63af

url VCID-ckkj-z5nq-akhb

vulnerability_id VCID-ckkj-z5nq-akhb

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44857

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.35294
published_at	2026-04-01T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35492
published_at	2026-04-02T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35517
published_at	2026-04-04T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.354
published_at	2026-04-07T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35446
published_at	2026-04-08T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35471
published_at	2026-04-09T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35481
published_at	2026-04-11T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35438
published_at	2026-04-12T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35414
published_at	2026-04-13T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35454
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2036702
reference_id	2036702
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2036702

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44857

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckkj-z5nq-akhb

url VCID-d6kz-e82q-6kh3

vulnerability_id VCID-d6kz-e82q-6kh3

summary mediawiki: potential XSS via the month messages such as MediaWiki:january through MediaWiki:december outputting Block Logs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35479

reference_id

reference_type

scores

value	0.0086
scoring_system	epss
scoring_elements	0.74971
published_at	2026-04-01T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.74974
published_at	2026-04-02T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75003
published_at	2026-04-04T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.7498
published_at	2026-04-07T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75014
published_at	2026-04-08T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75025
published_at	2026-04-12T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75046
published_at	2026-04-11T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75015
published_at	2026-04-13T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75051
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909237
reference_id	1909237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909237

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61653

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35479

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6kz-e82q-6kh3

url VCID-den1-257q-euc9

vulnerability_id VCID-den1-257q-euc9

summary Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

reference_id

reference_type

scores

value	0.00087
scoring_system	epss
scoring_elements	0.25053
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25092
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24867
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24936
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24981
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24995
published_at	2026-04-11T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25579
published_at	2026-04-13T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25581
published_at	2026-04-16T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25636
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653

reference_url

https://phabricator.wikimedia.org/T397577

reference_id

T397577

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T20:59:18Z/

url

https://phabricator.wikimedia.org/T397577

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61653

risk_score 0.8

exploitability 0.5

weighted_severity 1.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-den1-257q-euc9

url VCID-e8np-4nbw-t3b3

vulnerability_id VCID-e8np-4nbw-t3b3

summary Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11173

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03646
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03661
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03672
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03675
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03696
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03658
published_at	2026-04-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03956
published_at	2026-04-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03986
published_at	2026-04-12T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03936
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11173

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173

reference_url

https://phabricator.wikimedia.org/T401862

reference_id

T401862

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/

url

https://phabricator.wikimedia.org/T401862

reference_url

https://phabricator.wikimedia.org/T402094

reference_id

T402094

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/

url

https://phabricator.wikimedia.org/T402094

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-11173

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8np-4nbw-t3b3

url VCID-ea7c-xk4h-13fs

vulnerability_id VCID-ea7c-xk4h-13fs

summary mediawiki: stored XSS leads to privilege escalation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3550

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.4022
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40235
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40245
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40167
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40231
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40244
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40205
published_at	2026-04-12T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40187
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2240807
reference_id	2240807
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2240807

reference_url

https://fluidattacks.com/advisories/blondie/

reference_id

blondie

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://fluidattacks.com/advisories/blondie/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_id

FU2FGUXXK6TMV6R52VRECLC6XCSQQISY

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_url

https://www.mediawiki.org/wiki/MediaWiki/

reference_id

MediaWiki

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/

url

https://www.mediawiki.org/wiki/MediaWiki/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-3550

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ea7c-xk4h-13fs

url VCID-eefm-65rj-pyg2

vulnerability_id VCID-eefm-65rj-pyg2

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44858

reference_id

reference_type

scores

value	0.00416
scoring_system	epss
scoring_elements	0.61568
published_at	2026-04-01T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61642
published_at	2026-04-02T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61673
published_at	2026-04-04T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61643
published_at	2026-04-07T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61692
published_at	2026-04-08T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61707
published_at	2026-04-09T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61729
published_at	2026-04-11T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61717
published_at	2026-04-12T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61698
published_at	2026-04-13T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.61739
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2036698
reference_id	2036698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2036698

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44858

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eefm-65rj-pyg2

url VCID-fnzm-dxb3-v7hr

vulnerability_id VCID-fnzm-dxb3-v7hr

summary An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30153

reference_id

reference_type

scores

value	0.00196
scoring_system	epss
scoring_elements	0.41644
published_at	2026-04-04T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41526
published_at	2026-04-01T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41615
published_at	2026-04-02T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41605
published_at	2026-04-13T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41619
published_at	2026-04-12T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41651
published_at	2026-04-11T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4163
published_at	2026-04-09T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4162
published_at	2026-04-08T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4157
published_at	2026-04-07T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.46018
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153

reference_url

https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html

reference_id

094418.html

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/

url

https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://phabricator.wikimedia.org/T270453

reference_url

reference_id

T270453

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/

url

https://phabricator.wikimedia.org/T270453

reference_url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/

reference_id

XYBF5RSTJRMVCP7QBYK7643W75A3KCIY

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/

url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30153

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnzm-dxb3-v7hr

url VCID-fptt-2t1j-8fec

vulnerability_id VCID-fptt-2t1j-8fec

summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61639

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00496
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00491
published_at	2026-04-04T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00489
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00487
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00485
published_at	2026-04-09T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00678
published_at	2026-04-13T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00671
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00685
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61639

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639

reference_url

https://phabricator.wikimedia.org/T280413

reference_id

T280413

reference_type

scores

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:07Z/

url

https://phabricator.wikimedia.org/T280413

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61639

risk_score 0.5

exploitability 0.5

weighted_severity 1.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fptt-2t1j-8fec

url VCID-fwb3-kxy8-73hz

vulnerability_id VCID-fwb3-kxy8-73hz

summary mediawiki: unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35477

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.64668
published_at	2026-04-01T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6472
published_at	2026-04-02T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64748
published_at	2026-04-04T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64706
published_at	2026-04-07T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64754
published_at	2026-04-08T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64769
published_at	2026-04-09T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64786
published_at	2026-04-11T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64774
published_at	2026-04-12T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64747
published_at	2026-04-13T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64785
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909231
reference_id	1909231
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909231

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6926

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35477

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwb3-kxy8-73hz

url VCID-h3d2-nr9e-nqbk

vulnerability_id VCID-h3d2-nr9e-nqbk

summary Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

references

reference_url

reference_id

reference_type

scores

value	0.00083
scoring_system	epss
scoring_elements	0.24343
published_at	2026-04-16T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24424
published_at	2026-04-11T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24382
published_at	2026-04-12T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24326
published_at	2026-04-13T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24479
published_at	2026-04-02T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24513
published_at	2026-04-04T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24296
published_at	2026-04-07T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24363
published_at	2026-04-08T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24407
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6926

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926

reference_url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117

reference_id

1165117

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/

url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117

reference_url

https://phabricator.wikimedia.org/T389010

reference_id

T389010

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/

url

https://phabricator.wikimedia.org/T389010

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-6926

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3d2-nr9e-nqbk

url VCID-h789-pcxv-kbgd

vulnerability_id VCID-h789-pcxv-kbgd

summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6590

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01705
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01716
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01527
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01531
published_at	2026-04-04T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01534
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01538
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01541
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01727
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01717
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6590

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590

reference_url

https://phabricator.wikimedia.org/T392746

reference_id

T392746

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:11:34Z/

url

https://phabricator.wikimedia.org/T392746

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-6590

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h789-pcxv-kbgd

url VCID-h8jw-brz8-hkfn

vulnerability_id VCID-h8jw-brz8-hkfn

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25812

reference_id

reference_type

scores

value	0.00371
scoring_system	epss
scoring_elements	0.58954
published_at	2026-04-16T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.5892
published_at	2026-04-13T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58939
published_at	2026-04-12T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58957
published_at	2026-04-11T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58938
published_at	2026-04-09T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58933
published_at	2026-04-08T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58881
published_at	2026-04-07T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58892
published_at	2026-04-02T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58913
published_at	2026-04-04T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58817
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903767
reference_id	1903767
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903767

reference_url

reference_id

GHSA-rj9p-8jxj-2ch4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25812, GHSA-rj9p-8jxj-2ch4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8jw-brz8-hkfn

url VCID-j1bz-4bex-4key

vulnerability_id VCID-j1bz-4bex-4key

summary mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35475

reference_id

reference_type

scores

value	0.00592
scoring_system	epss
scoring_elements	0.69172
published_at	2026-04-01T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69188
published_at	2026-04-02T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69209
published_at	2026-04-04T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6919
published_at	2026-04-07T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6924
published_at	2026-04-08T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69259
published_at	2026-04-09T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69281
published_at	2026-04-11T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69266
published_at	2026-04-12T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69238
published_at	2026-04-13T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69277
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909224
reference_id	1909224
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909224

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35475

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1bz-4bex-4key

url VCID-jm7q-2w3j-buhh

vulnerability_id VCID-jm7q-2w3j-buhh

summary

MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

references

reference_url

reference_id

reference_type

scores

value	0.11025
scoring_system	epss
scoring_elements	0.93432
published_at	2026-04-12T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93452
published_at	2026-04-16T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93433
published_at	2026-04-13T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93407
published_at	2026-04-02T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93415
published_at	2026-04-07T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93424
published_at	2026-04-08T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93427
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_url

https://phabricator.wikimedia.org/T333050

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://phabricator.wikimedia.org/T333050

reference_url

https://www.debian.org/security/2023/dsa-5520

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://www.debian.org/security/2023/dsa-5520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_id

CVE-2023-45363

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

reference_id

GHSA-w5fx-cx7f-6vr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh

url VCID-jwkd-wdus-6ygg

vulnerability_id VCID-jwkd-wdus-6ygg

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47927

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.1637
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16191
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16432
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16229
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16315
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16379
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16362
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16323
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16255
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160625
reference_id	2160625
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160625

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/

reference_id

AP65YEN762IBNQPOYGUVLTQIDLM5XD2A

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html

reference_url

reference_id

msg00011.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html

reference_url

https://phabricator.wikimedia.org/T322637

reference_id

T322637

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://phabricator.wikimedia.org/T322637

reference_url

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

reference_id

UEMW64LVEH3BEXCJV43CVS6XPYURKWU3

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/

url

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-47927

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwkd-wdus-6ygg

url VCID-k1f5-msra-4kam

vulnerability_id VCID-k1f5-msra-4kam

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30155

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.54898
published_at	2026-04-16T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63422
published_at	2026-04-01T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63482
published_at	2026-04-02T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63509
published_at	2026-04-13T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63473
published_at	2026-04-07T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63525
published_at	2026-04-08T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63542
published_at	2026-04-09T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63558
published_at	2026-04-11T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63543
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948641
reference_id	1948641
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948641

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30155

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1f5-msra-4kam

url VCID-k7qb-7hbj-1qc2

vulnerability_id VCID-k7qb-7hbj-1qc2

summary MediaWiki: MediaWiki: Cross-site Scripting vulnerability via improper input neutralization

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6594

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00317
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00418
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00428
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00423
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00422
published_at	2026-04-13T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00316
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00307
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00305
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6594

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436122
reference_id	2436122
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436122

reference_url

https://phabricator.wikimedia.org/T395063

reference_id

T395063

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:57:15Z/

url

https://phabricator.wikimedia.org/T395063

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-6594

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qb-7hbj-1qc2

url VCID-m1j5-3ecf-dffj

vulnerability_id VCID-m1j5-3ecf-dffj

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28202

reference_id

reference_type

scores

value	0.00585
scoring_system	epss
scoring_elements	0.69083
published_at	2026-04-16T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69088
published_at	2026-04-11T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69073
published_at	2026-04-12T12:55:00Z

value	0.00585
scoring_system	epss
scoring_elements	0.69043
published_at	2026-04-13T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72356
published_at	2026-04-08T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72368
published_at	2026-04-09T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72322
published_at	2026-04-02T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.7234
published_at	2026-04-04T12:55:00Z

value	0.00715
scoring_system	epss
scoring_elements	0.72317
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074123
reference_id	2074123
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074123

reference_url

https://security.archlinux.org/AVG-2677

reference_id

AVG-2677

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2677

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-28202

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1j5-3ecf-dffj

url VCID-m1xy-yucr-dqfs

vulnerability_id VCID-m1xy-yucr-dqfs

summary Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit: *.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61635

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03646
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03661
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03672
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03675
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03696
published_at	2026-04-09T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03956
published_at	2026-04-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03936
published_at	2026-04-16T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04001
published_at	2026-04-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03986
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61635

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635

reference_url

https://phabricator.wikimedia.org/T355073

reference_id

T355073

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:13:27Z/

url

https://phabricator.wikimedia.org/T355073

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61635

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1xy-yucr-dqfs

url VCID-m7uw-sa5j-u3bw

vulnerability_id VCID-m7uw-sa5j-u3bw

summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-67481

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01314
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01915
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01935
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01941
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05791
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05765
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0573
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05726
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05689
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67481

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481

reference_url

https://phabricator.wikimedia.org/T251032

reference_id

T251032

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:13Z/

url

https://phabricator.wikimedia.org/T251032

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-67481

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7uw-sa5j-u3bw

url VCID-mbs4-gs37-1fh5

vulnerability_id VCID-mbs4-gs37-1fh5

summary Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61646

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00396
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00385
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00382
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00383
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00548
published_at	2026-04-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00545
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00547
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61646

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646

reference_url

https://phabricator.wikimedia.org/T398706

reference_id

T398706

reference_type

scores

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:04:40Z/

url

https://phabricator.wikimedia.org/T398706

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61646

risk_score 0.3

exploitability 0.5

weighted_severity 0.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbs4-gs37-1fh5

url VCID-nwsr-ruca-2kha

vulnerability_id VCID-nwsr-ruca-2kha

summary

Fix failure to strip Authorization header on HTTP downgrade
### Impact

`Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.

### Workarounds

An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

### References

* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31043

reference_id

reference_type

scores

value	0.01454
scoring_system	epss
scoring_elements	0.80824
published_at	2026-04-11T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80838
published_at	2026-04-16T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80801
published_at	2026-04-13T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80809
published_at	2026-04-12T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80753
published_at	2026-04-02T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80774
published_at	2026-04-04T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80771
published_at	2026-04-07T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80799
published_at	2026-04-08T12:55:00Z

value	0.01454
scoring_system	epss
scoring_elements	0.80807
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31043

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31043

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
reference_id	1012821
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-w248-ffj2-4v5q

reference_url

reference_id

GHSA-w248-ffj2-4v5q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w248-ffj2-4v5q

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31043, GHSA-w248-ffj2-4v5q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwsr-ruca-2kha

url VCID-pm3s-z5ap-qqay

vulnerability_id VCID-pm3s-z5ap-qqay

summary MediaWiki: MediaWiki: Arbitrary code execution via Cross-site Scripting (XSS)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61640

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00267
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00261
published_at	2026-04-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00263
published_at	2026-04-07T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00259
published_at	2026-04-09T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00343
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00353
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0035
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00348
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61640

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436106
reference_id	2436106
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436106

reference_url

https://phabricator.wikimedia.org/T402075

reference_id

T402075

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:45Z/

url

https://phabricator.wikimedia.org/T402075

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61640

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pm3s-z5ap-qqay

url VCID-pm5t-23j4-6yh6

vulnerability_id VCID-pm5t-23j4-6yh6

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25828

reference_id

reference_type

scores

value	0.00387
scoring_system	epss
scoring_elements	0.59859
published_at	2026-04-16T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59839
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59856
published_at	2026-04-11T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59835
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59822
published_at	2026-04-13T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5977
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59801
published_at	2026-04-04T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59777
published_at	2026-04-02T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59703
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25828

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903776
reference_id	1903776
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903776

reference_url

reference_id

GHSA-h8qx-mj6v-2934

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28201

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25828, GHSA-h8qx-mj6v-2934

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6

url VCID-pw9d-1cwb-tyb9

vulnerability_id VCID-pw9d-1cwb-tyb9

summary security update

references

reference_url

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20668
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20849
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20907
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20621
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20697
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20759
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20777
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20733
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20682
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32699

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-28201

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pw9d-1cwb-tyb9

url VCID-pwjk-pzpj-aff6

vulnerability_id VCID-pwjk-pzpj-aff6

summary Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.

references

reference_url

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55778
published_at	2026-04-02T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60333
published_at	2026-04-16T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60312
published_at	2026-04-12T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60293
published_at	2026-04-13T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60272
published_at	2026-04-04T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60241
published_at	2026-04-07T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.6029
published_at	2026-04-08T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60305
published_at	2026-04-09T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60326
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699

reference_url

https://phabricator.wikimedia.org/T387130

reference_id

T387130

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:20Z/

url

https://phabricator.wikimedia.org/T387130

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-32699

risk_score 0.7

exploitability 0.5

weighted_severity 1.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwjk-pzpj-aff6

url VCID-qjhk-97j6-2qfm

vulnerability_id VCID-qjhk-97j6-2qfm

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44854

reference_id

reference_type

scores

value	0.00187
scoring_system	epss
scoring_elements	0.40491
published_at	2026-04-01T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40571
published_at	2026-04-08T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40591
published_at	2026-04-16T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.4052
published_at	2026-04-07T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40581
published_at	2026-04-09T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40599
published_at	2026-04-11T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40562
published_at	2026-04-12T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40543
published_at	2026-04-13T12:55:00Z

value	0.00187
scoring_system	epss
scoring_elements	0.40598
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156316
reference_id	2156316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156316

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/

url

https://phabricator.wikimedia.org/T292763

reference_url

reference_id

T292763

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/

url

https://phabricator.wikimedia.org/T292763

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44854

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhk-97j6-2qfm

url VCID-qpgu-mg6m-vyef

vulnerability_id VCID-qpgu-mg6m-vyef

summary Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-67482

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05245
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05277
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05303
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05337
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05359
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05326
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05547
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05497
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05554
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482

reference_url

https://phabricator.wikimedia.org/T408135

reference_id

T408135

reference_type

scores

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:14Z/

url

https://phabricator.wikimedia.org/T408135

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-67482

risk_score 0.5

exploitability 0.5

weighted_severity 1.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpgu-mg6m-vyef

url VCID-qqvd-cjs3-7kab

vulnerability_id VCID-qqvd-cjs3-7kab

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34912

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.46482
published_at	2026-04-02T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46502
published_at	2026-04-12T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46452
published_at	2026-04-07T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46507
published_at	2026-04-09T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.4653
published_at	2026-04-11T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46511
published_at	2026-04-13T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46568
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112772
reference_id	2112772
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112772

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41767

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-34912

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqvd-cjs3-7kab

url VCID-qwcp-5hh8-z3gp

vulnerability_id VCID-qwcp-5hh8-z3gp

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json

reference_url

reference_id

reference_type

scores

value	0.00245
scoring_system	epss
scoring_elements	0.47839
published_at	2026-04-16T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47754
published_at	2026-04-02T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47723
published_at	2026-04-07T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47777
published_at	2026-04-08T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47773
published_at	2026-04-09T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47798
published_at	2026-04-11T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47784
published_at	2026-04-13T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47774
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41767

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156331
reference_id	2156331
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156331

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/

url

https://phabricator.wikimedia.org/T316304

reference_url

reference_id

T316304

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/

url

https://phabricator.wikimedia.org/T316304

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-41767

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcp-5hh8-z3gp

url VCID-ruur-4cvx-cqct

vulnerability_id VCID-ruur-4cvx-cqct

summary mediawiki: cross site scripting

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36675

reference_id

reference_type

scores

value	0.00526
scoring_system	epss
scoring_elements	0.66994
published_at	2026-04-02T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67062
published_at	2026-04-16T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66993
published_at	2026-04-07T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67042
published_at	2026-04-08T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67055
published_at	2026-04-09T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67074
published_at	2026-04-11T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.6706
published_at	2026-04-12T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67029
published_at	2026-04-13T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67019
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36675

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40

reference_id

1.40#Other_changes_in_1.40

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2217428
reference_id	2217428
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2217428

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_id

2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_id

6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_id

DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/

reference_url

https://phabricator.wikimedia.org/T332889

reference_id

T332889

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/

url

https://phabricator.wikimedia.org/T332889

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-36675

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ruur-4cvx-cqct

url VCID-rwtk-hep1-xfaw

vulnerability_id VCID-rwtk-hep1-xfaw

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30152

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59116
published_at	2026-04-16T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66938
published_at	2026-04-01T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66976
published_at	2026-04-02T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67001
published_at	2026-04-04T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66975
published_at	2026-04-07T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67024
published_at	2026-04-08T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67036
published_at	2026-04-09T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67056
published_at	2026-04-11T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67041
published_at	2026-04-12T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.6701
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948636
reference_id	1948636
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948636

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30152

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwtk-hep1-xfaw

url VCID-rz65-w7x5-57hu

vulnerability_id VCID-rz65-w7x5-57hu

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34911

reference_id

reference_type

scores

value	0.00435
scoring_system	epss
scoring_elements	0.62828
published_at	2026-04-02T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62858
published_at	2026-04-04T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62822
published_at	2026-04-07T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62873
published_at	2026-04-08T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62889
published_at	2026-04-09T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62907
published_at	2026-04-11T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62897
published_at	2026-04-12T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62875
published_at	2026-04-13T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62915
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112770
reference_id	2112770
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112770

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-34911

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rz65-w7x5-57hu

url VCID-sc5s-s7vg-dygq

vulnerability_id VCID-sc5s-s7vg-dygq

summary mediawiki: denial of service

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34506

reference_id

reference_type

scores

value	0.00171
scoring_system	epss
scoring_elements	0.38369
published_at	2026-04-16T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38367
published_at	2026-04-09T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38383
published_at	2026-04-11T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38346
published_at	2026-04-12T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38321
published_at	2026-04-13T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.3842
published_at	2026-04-02T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38444
published_at	2026-04-04T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38308
published_at	2026-04-07T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38358
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2279231
reference_id	2279231
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2279231

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_id

FU2FGUXXK6TMV6R52VRECLC6XCSQQISY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_url

https://phabricator.wikimedia.org/T357760

reference_id

T357760

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/

url

https://phabricator.wikimedia.org/T357760

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2024-34506

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sc5s-s7vg-dygq

url VCID-sca5-n7rz-rffq

vulnerability_id VCID-sca5-n7rz-rffq

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44856

reference_id

reference_type

scores

value	0.00176
scoring_system	epss
scoring_elements	0.38942
published_at	2026-04-01T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39127
published_at	2026-04-02T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39151
published_at	2026-04-16T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39124
published_at	2026-04-08T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39141
published_at	2026-04-09T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39153
published_at	2026-04-11T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39116
published_at	2026-04-12T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39096
published_at	2026-04-13T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.3915
published_at	2026-04-04T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39069
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2156326
reference_id	2156326
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2156326

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/

url

https://phabricator.wikimedia.org/T271037

reference_url

reference_id

T271037

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/

url

https://phabricator.wikimedia.org/T271037

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-44856

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sca5-n7rz-rffq

url VCID-sr9a-a6vt-1qgt

vulnerability_id VCID-sr9a-a6vt-1qgt

summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61638

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00323
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00321
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00312
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00311
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00431
published_at	2026-04-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00428
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00437
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00432
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61638

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638

reference_url

https://phabricator.wikimedia.org/T401099

reference_id

T401099

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:22Z/

url

https://phabricator.wikimedia.org/T401099

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61638

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sr9a-a6vt-1qgt

url VCID-tutk-y8jg-n7dh

vulnerability_id VCID-tutk-y8jg-n7dh

summary Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-67478

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05372
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05583
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05545
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0551
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05607
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05579
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05546
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05811
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05818
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478

reference_url

https://phabricator.wikimedia.org/T385403

reference_id

T385403

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:08Z/

url

https://phabricator.wikimedia.org/T385403

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-67478

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tutk-y8jg-n7dh

url VCID-ujdn-y48t-pbch

vulnerability_id VCID-ujdn-y48t-pbch

summary

MediaWiki Special:UserRights exposes the existence of hidden users
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25813

reference_id

reference_type

scores

value	0.00366
scoring_system	epss
scoring_elements	0.58634
published_at	2026-04-16T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.586
published_at	2026-04-13T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.5864
published_at	2026-04-11T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58565
published_at	2026-04-07T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58595
published_at	2026-04-04T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58574
published_at	2026-04-02T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58489
published_at	2026-04-01T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.5862
published_at	2026-04-12T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58623
published_at	2026-04-09T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58616
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903764
reference_id	1903764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903764

reference_url

reference_id

GHSA-c4rj-wrmq-52rj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25813, GHSA-c4rj-wrmq-52rj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch

url VCID-v3dp-7stt-tygf

vulnerability_id VCID-v3dp-7stt-tygf

summary MediaWiki: MediaWiki: Cross-site Scripting vulnerability due to improper input neutralization

references

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-67475

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01642
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02425
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02443
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06288
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06203
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06247
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06223
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06192
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436176
reference_id	2436176
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436176

reference_url

https://phabricator.wikimedia.org/T406664

reference_id

T406664

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:07Z/

url

https://phabricator.wikimedia.org/T406664

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-67475

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3dp-7stt-tygf

url VCID-vjd5-jv5h-yfhw

vulnerability_id VCID-vjd5-jv5h-yfhw

summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61655

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04535
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05492
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05542
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05549
published_at	2026-04-12T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13053
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13002
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13121
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12923
published_at	2026-04-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13067
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61655

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655

reference_url

https://phabricator.wikimedia.org/T395858

reference_id

T395858

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:47Z/

url

https://phabricator.wikimedia.org/T395858

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61655

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vjd5-jv5h-yfhw

url VCID-w51y-hprj-buap

vulnerability_id VCID-w51y-hprj-buap

summary Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32696

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50697
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5573
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55767
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55748
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55726
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55704
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55755
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55759
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32696

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696

reference_url

https://phabricator.wikimedia.org/T304474

reference_id

T304474

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:02Z/

url

https://phabricator.wikimedia.org/T304474

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-32696

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w51y-hprj-buap

url VCID-wraf-59ce-u3br

vulnerability_id VCID-wraf-59ce-u3br

summary MediaWiki: MediaWiki: Vulnerability in parsing and sanitization

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-67479

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05245
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05277
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05303
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05337
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05359
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05326
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05547
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05497
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05554
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436184
reference_id	2436184
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436184

reference_url

https://phabricator.wikimedia.org/T407131

reference_id

T407131

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:19Z/

url

https://phabricator.wikimedia.org/T407131

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-67479

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wraf-59ce-u3br

url VCID-wzqf-k99e-vbeu

vulnerability_id VCID-wzqf-k99e-vbeu

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31091

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.5672
published_at	2026-04-02T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.5674
published_at	2026-04-13T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56761
published_at	2026-04-12T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56784
published_at	2026-04-11T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56775
published_at	2026-04-09T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56771
published_at	2026-04-16T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56719
published_at	2026-04-07T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56741
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82

reference_url

https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31091

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31091

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
reference_id	1014492
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-q559-8m2m-g699

reference_url

reference_id

GHSA-q559-8m2m-g699

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q559-8m2m-g699

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6593

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-31091, GHSA-q559-8m2m-g699, GMS-2022-2529

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzqf-k99e-vbeu

url VCID-xtd9-wbd9-67ew

vulnerability_id VCID-xtd9-wbd9-67ew

summary Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.

references

reference_url

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03646
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03661
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03672
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03675
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03696
published_at	2026-04-09T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03956
published_at	2026-04-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03936
published_at	2026-04-16T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04001
published_at	2026-04-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03986
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6593

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593

reference_url

https://phabricator.wikimedia.org/T396230

reference_id

T396230

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T14:42:43Z/

url

https://phabricator.wikimedia.org/T396230

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-6593

risk_score 0.7

exploitability 0.5

weighted_severity 1.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xtd9-wbd9-67ew

url VCID-yakw-r8bh-5bde

vulnerability_id VCID-yakw-r8bh-5bde

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28203

reference_id

reference_type

scores

value	0.00418
scoring_system	epss
scoring_elements	0.61847
published_at	2026-04-16T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61751
published_at	2026-04-07T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61781
published_at	2026-04-04T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.618
published_at	2026-04-08T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61815
published_at	2026-04-09T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61835
published_at	2026-04-11T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61823
published_at	2026-04-12T12:55:00Z

value	0.00418
scoring_system	epss
scoring_elements	0.61803
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

reference_url

reference_id

AVG-2823

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3469

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2022-28203

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yakw-r8bh-5bde

url VCID-z3qw-4ejj-uffj

vulnerability_id VCID-z3qw-4ejj-uffj

summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

references

reference_url

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.62921
published_at	2026-04-02T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66932
published_at	2026-04-16T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66931
published_at	2026-04-12T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66899
published_at	2026-04-13T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.6689
published_at	2026-04-04T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66863
published_at	2026-04-07T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66911
published_at	2026-04-08T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66925
published_at	2026-04-09T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66945
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469

reference_url

https://phabricator.wikimedia.org/T358689

reference_id

T358689

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:28Z/

url

https://phabricator.wikimedia.org/T358689

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-3469

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3qw-4ejj-uffj

url VCID-z8qp-v64u-tuh8

vulnerability_id VCID-z8qp-v64u-tuh8

summary MediaWiki: MediaWiki: Vulnerability in ApiFormatXml.Php requiring high privileges

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-67484

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09366
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09933
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09879
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09954
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10004
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10019
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09981
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12043
published_at	2026-04-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12073
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2436190
reference_id	2436190
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2436190

reference_url

https://phabricator.wikimedia.org/T401995

reference_id

T401995

reference_type

scores

value	0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:02:03Z/

url

https://phabricator.wikimedia.org/T401995

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-67484

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8qp-v64u-tuh8

url VCID-z9d9-aer5-gfa9

vulnerability_id VCID-z9d9-aer5-gfa9

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.39365
published_at	2026-04-16T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39287
published_at	2026-04-07T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39313
published_at	2026-04-13T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39331
published_at	2026-04-12T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39371
published_at	2026-04-11T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39359
published_at	2026-04-09T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39164
published_at	2026-04-01T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39342
published_at	2026-04-08T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.3935
published_at	2026-04-02T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39374
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

reference_url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id	2009517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GHSA-c8wv-qwwc-6j73

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45360

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41800, GHSA-c8wv-qwwc-6j73

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9

url VCID-zj5a-p9u4-ducw

vulnerability_id VCID-zj5a-p9u4-ducw

summary mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json

reference_url

reference_id

reference_type

scores

value	0.00393
scoring_system	epss
scoring_elements	0.60323
published_at	2026-04-16T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60314
published_at	2026-04-11T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60301
published_at	2026-04-12T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60283
published_at	2026-04-13T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60236
published_at	2026-04-02T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60262
published_at	2026-04-04T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60229
published_at	2026-04-07T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60279
published_at	2026-04-08T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60294
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2247803
reference_id	2247803
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2247803

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_id

FU2FGUXXK6TMV6R52VRECLC6XCSQQISY

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

reference_url

https://phabricator.wikimedia.org/T340221

reference_id

T340221

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/

url

https://phabricator.wikimedia.org/T340221

fixed_packages

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2023-45360

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj5a-p9u4-ducw

url VCID-ztxx-cc2c-87at

vulnerability_id VCID-ztxx-cc2c-87at

summary Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61643

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00619
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00611
published_at	2026-04-04T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00614
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00612
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00606
published_at	2026-04-09T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0077
published_at	2026-04-12T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00772
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00777
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61643

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643

reference_url

https://phabricator.wikimedia.org/T403757

reference_id

T403757

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/RE:M/U:Green

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:15:36Z/

url

https://phabricator.wikimedia.org/T403757

fixed_packages

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1

aliases CVE-2025-61643

risk_score 0.8

exploitability 0.5

weighted_severity 1.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxx-cc2c-87at

Fixing_vulnerabilities

url VCID-1697-p35n-fber

vulnerability_id VCID-1697-p35n-fber

summary

Wikimedia MediaWiki allows CSRF
Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12466

reference_id

reference_type

scores

value	0.0018
scoring_system	epss
scoring_elements	0.39621
published_at	2026-04-02T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39637
published_at	2026-04-16T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39586
published_at	2026-04-13T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39615
published_at	2026-04-08T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3956
published_at	2026-04-07T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39644
published_at	2026-04-04T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39472
published_at	2026-04-01T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39602
published_at	2026-04-12T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39639
published_at	2026-04-11T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39629
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12466

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12466

reference_url

https://phabricator.wikimedia.org/T25227

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T25227

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-27fw-r78j-h898

reference_url

reference_id

GHSA-27fw-r78j-h898

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-27fw-r78j-h898

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12466, GHSA-27fw-r78j-h898

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1697-p35n-fber

url VCID-1866-gt2g-1qfv

vulnerability_id VCID-1866-gt2g-1qfv

summary

MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12469

reference_id

reference_type

scores

value	0.00153
scoring_system	epss
scoring_elements	0.36178
published_at	2026-04-02T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36093
published_at	2026-04-16T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36052
published_at	2026-04-13T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36092
published_at	2026-04-08T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36042
published_at	2026-04-07T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36207
published_at	2026-04-04T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35983
published_at	2026-04-01T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36078
published_at	2026-04-12T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36116
published_at	2026-04-11T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.3611
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12469

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12469

reference_url

https://phabricator.wikimedia.org/T222036

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T222036

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-x3fr-w7r5-x7rg

reference_url

reference_id

GHSA-x3fr-w7r5-x7rg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x3fr-w7r5-x7rg

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12469, GHSA-x3fr-w7r5-x7rg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1866-gt2g-1qfv

url VCID-1na8-nyq1-yfcy

vulnerability_id VCID-1na8-nyq1-yfcy

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20270

reference_id

reference_type

scores

value	0.00205
scoring_system	epss
scoring_elements	0.42655
published_at	2026-04-13T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42672
published_at	2026-04-12T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42708
published_at	2026-04-11T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42685
published_at	2026-04-09T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42673
published_at	2026-04-08T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42622
published_at	2026-04-07T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42583
published_at	2026-04-01T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42682
published_at	2026-04-04T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42654
published_at	2026-04-02T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.44968
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20270

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1922136

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1922136

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664
reference_id	984664
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664

reference_url

reference_id

AVG-1662

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3252
reference_id	RHSA-2021:3252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3252

reference_url	https://access.redhat.com/errata/RHSA-2021:4139
reference_id	RHSA-2021:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4139

reference_url	https://access.redhat.com/errata/RHSA-2021:4150
reference_id	RHSA-2021:4150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4150

reference_url	https://access.redhat.com/errata/RHSA-2021:4151
reference_id	RHSA-2021:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4151

reference_url	https://usn.ubuntu.com/4885-1/
reference_id	USN-4885-1
reference_type
scores
url	https://usn.ubuntu.com/4885-1/

reference_url	https://usn.ubuntu.com/4897-2/
reference_id	USN-4897-2
reference_type
scores
url	https://usn.ubuntu.com/4897-2/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-20270, GHSA-9w8r-397f-prfh, PYSEC-2021-140

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1na8-nyq1-yfcy

url VCID-32f4-khen-3yez

vulnerability_id VCID-32f4-khen-3yez

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30159

reference_id

reference_type

scores

value	0.00866
scoring_system	epss
scoring_elements	0.75081
published_at	2026-04-01T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75083
published_at	2026-04-02T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75112
published_at	2026-04-04T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75089
published_at	2026-04-07T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75157
published_at	2026-04-11T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75124
published_at	2026-04-13T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75123
published_at	2026-04-08T12:55:00Z

value	0.00866
scoring_system	epss
scoring_elements	0.75135
published_at	2026-04-12T12:55:00Z

value	0.00873
scoring_system	epss
scoring_elements	0.75289
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948638
reference_id	1948638
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948638

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30159

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32f4-khen-3yez

url VCID-3s9f-prpy-hbcx

vulnerability_id VCID-3s9f-prpy-hbcx

summary

Cross-site Scripting
The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

reference_url

http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

reference_url

http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html

reference_url

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

reference_url

https://access.redhat.com/errata/RHBA-2019:1570

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://access.redhat.com/errata/RHBA-2019:1570

reference_url

https://access.redhat.com/errata/RHSA-2019:1456

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://access.redhat.com/errata/RHSA-2019:1456

reference_url

https://access.redhat.com/errata/RHSA-2019:2587

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://access.redhat.com/errata/RHSA-2019:2587

reference_url

https://access.redhat.com/errata/RHSA-2019:3023

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://access.redhat.com/errata/RHSA-2019:3023

reference_url

https://access.redhat.com/errata/RHSA-2019:3024

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://access.redhat.com/errata/RHSA-2019:3024

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11358

reference_id

reference_type

scores

value	0.01856
scoring_system	epss
scoring_elements	0.83012
published_at	2026-04-08T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.8299
published_at	2026-04-04T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.82988
published_at	2026-04-07T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.8302
published_at	2026-04-09T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.83035
published_at	2026-04-11T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.83028
published_at	2026-04-12T12:55:00Z

value	0.01856
scoring_system	epss
scoring_elements	0.83024
published_at	2026-04-13T12:55:00Z

value	0.02646
scoring_system	epss
scoring_elements	0.85754
published_at	2026-04-16T12:55:00Z

value	0.02717
scoring_system	epss
scoring_elements	0.85871
published_at	2026-04-02T12:55:00Z

value	0.02717
scoring_system	epss
scoring_elements	0.8586
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11358

reference_url

https://backdropcms.org/security/backdrop-sa-core-2019-009

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://backdropcms.org/security/backdrop-sa-core-2019-009

reference_url

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released

reference_url

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

http://seclists.org/fulldisclosure/2019/May/10

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://seclists.org/fulldisclosure/2019/May/10

reference_url

http://seclists.org/fulldisclosure/2019/May/11

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://seclists.org/fulldisclosure/2019/May/11

reference_url

http://seclists.org/fulldisclosure/2019/May/13

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://seclists.org/fulldisclosure/2019/May/13

reference_url

https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f

reference_url

https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829

reference_url

https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad

reference_url

https://github.com/jquery/jquery

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery

reference_url

https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

reference_url

https://github.com/jquery/jquery/pull/4333

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://github.com/jquery/jquery/pull/4333

reference_url

https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc

reference_url

https://github.com/maximebf/php-debugbar/issues/447

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/maximebf/php-debugbar/issues/447

reference_url

https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434

reference_url

https://hackerone.com/reports/454365

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements

url

https://hackerone.com/reports/454365

reference_url

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

reference_url

https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html

reference_url

https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5

reference_url

https://seclists.org/bugtraq/2019/Apr/32

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://seclists.org/bugtraq/2019/Apr/32

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://seclists.org/bugtraq/2019/May/18

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://seclists.org/bugtraq/2019/May/18

reference_url

https://security.netapp.com/advisory/ntap-20190919-0001

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190919-0001

reference_url

https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226

reference_url

https://snyk.io/vuln/SNYK-JS-JQUERY-174006

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://snyk.io/vuln/SNYK-JS-JQUERY-174006

reference_url

https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1

100

reference_url

https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023

101

reference_url

https://www.debian.org/security/2019/dsa-4434

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.debian.org/security/2019/dsa-4434

102

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.djangoproject.com/weblog/2019/jun/03/security-releases

103

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2019/jun/03/security-releases

104

reference_url

https://www.drupal.org/sa-core-2019-006

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.drupal.org/sa-core-2019-006

105

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpuapr2020.html

106

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

107

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpujan2020.html

108

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpujan2021.html

109

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

110

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

111

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

112

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpuoct2020.html

113

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

114

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

115

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

116

reference_url

https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery

117

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.synology.com/security/advisory/Synology_SA_19_19

118

reference_url

https://www.tenable.com/security/tns-2019-08

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.tenable.com/security/tns-2019-08

119

reference_url

https://www.tenable.com/security/tns-2020-02

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.tenable.com/security/tns-2020-02

120

reference_url

http://www.openwall.com/lists/oss-security/2019/06/03/2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://www.openwall.com/lists/oss-security/2019/06/03/2

121

reference_url

http://www.securityfocus.com/bid/108023

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

http://www.securityfocus.com/bid/108023

122

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1701972
reference_id	1701972
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1701972

123

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json

reference_id

496

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json

124

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/

reference_id

4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/

125

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/

reference_id

5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/

126

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466
reference_id	927466
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466

127

reference_url	https://security.archlinux.org/ASA-201906-2
reference_id	ASA-201906-2
reference_type
scores
url	https://security.archlinux.org/ASA-201906-2

128

reference_url

https://security.archlinux.org/AVG-969

reference_id

AVG-969

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-969

129

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11358

reference_id

CVE-2019-11358

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11358

130

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml

reference_id

CVE-2019-11358.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml

131

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt
reference_id	CVE-2020-7656;CVE-2019-11358
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt

132

reference_url

https://github.com/advisories/GHSA-6c3j-c64m-qhgq

reference_id

GHSA-6c3j-c64m-qhgq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6c3j-c64m-qhgq

133

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/

reference_id

KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/

134

reference_url

https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/

reference_id

mitigating-cve-2019-11358-in-old-versions-of-jquery

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/

135

reference_url

https://security.netapp.com/advisory/ntap-20190919-0001/

reference_id

ntap-20190919-0001

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://security.netapp.com/advisory/ntap-20190919-0001/

136

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/

reference_id

QV3PKZC3PQCO3273HAT76PAQZFBEO4KP

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/

137

reference_url	https://access.redhat.com/errata/RHSA-2020:1325
reference_id	RHSA-2020:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1325

138

reference_url	https://access.redhat.com/errata/RHSA-2020:2412
reference_id	RHSA-2020:2412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2412

139

reference_url	https://access.redhat.com/errata/RHSA-2020:3936
reference_id	RHSA-2020:3936
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3936

140

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

141

reference_url	https://access.redhat.com/errata/RHSA-2020:4670
reference_id	RHSA-2020:4670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4670

142

reference_url	https://access.redhat.com/errata/RHSA-2020:4847
reference_id	RHSA-2020:4847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4847

143

reference_url	https://access.redhat.com/errata/RHSA-2020:5581
reference_id	RHSA-2020:5581
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5581

144

reference_url	https://access.redhat.com/errata/RHSA-2021:4142
reference_id	RHSA-2021:4142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4142

145

reference_url	https://access.redhat.com/errata/RHSA-2022:7343
reference_id	RHSA-2022:7343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7343

146

reference_url	https://access.redhat.com/errata/RHSA-2023:0552
reference_id	RHSA-2023:0552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0552

147

reference_url	https://access.redhat.com/errata/RHSA-2023:0553
reference_id	RHSA-2023:0553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0553

148

reference_url	https://access.redhat.com/errata/RHSA-2023:0554
reference_id	RHSA-2023:0554
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0554

149

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

150

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/

reference_id

RLXRX23725JL366CNZGJZ7AQQB7LHQ6F

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/

151

reference_url	https://usn.ubuntu.com/7622-1/
reference_id	USN-7622-1
reference_type
scores
url	https://usn.ubuntu.com/7622-1/

152

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/

reference_id

WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-11358, GHSA-6c3j-c64m-qhgq

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3s9f-prpy-hbcx

url VCID-4dfp-3qk9-j7fg

vulnerability_id VCID-4dfp-3qk9-j7fg

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-35197

reference_id

reference_type

scores

value	0.0073
scoring_system	epss
scoring_elements	0.72618
published_at	2026-04-01T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72626
published_at	2026-04-02T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72644
published_at	2026-04-04T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72621
published_at	2026-04-07T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.7266
published_at	2026-04-08T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72673
published_at	2026-04-09T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72696
published_at	2026-04-11T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-12T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72669
published_at	2026-04-13T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72711
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1980308
reference_id	1980308
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1980308

reference_url	https://security.archlinux.org/ASA-202107-7
reference_id	ASA-202107-7
reference_type
scores
url	https://security.archlinux.org/ASA-202107-7

reference_url

reference_id

AVG-2093

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19709

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-35197

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dfp-3qk9-j7fg

url VCID-4keq-jcfa-13hc

vulnerability_id VCID-4keq-jcfa-13hc

summary

Possible to circumvent title-blacklist
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.

references

reference_url

reference_id

reference_type

scores

value	0.00315
scoring_system	epss
scoring_elements	0.54574
published_at	2026-04-02T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54625
published_at	2026-04-16T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54587
published_at	2026-04-13T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54608
published_at	2026-04-12T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54613
published_at	2026-04-09T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54618
published_at	2026-04-08T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54567
published_at	2026-04-07T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54597
published_at	2026-04-04T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54502
published_at	2026-04-01T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54626
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709

reference_url

https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19709

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19709

reference_url

https://phabricator.wikimedia.org/T239466

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T239466

reference_url

https://seclists.org/bugtraq/2019/Dec/48

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/Dec/48

reference_url

https://www.debian.org/security/2019/dsa-4592

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4592

reference_url

https://github.com/advisories/GHSA-pjv5-vv93-p648

reference_id

GHSA-pjv5-vv93-p648

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pjv5-vv93-p648

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-19709, GHSA-pjv5-vv93-p648

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4keq-jcfa-13hc

url VCID-7ar6-14bb-yfc5

vulnerability_id VCID-7ar6-14bb-yfc5

summary mediawiki: divergent behavior for contributions and user pages of hidden users and missing users

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35480

reference_id

reference_type

scores

value	0.00344
scoring_system	epss
scoring_elements	0.56945
published_at	2026-04-01T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5704
published_at	2026-04-02T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57062
published_at	2026-04-04T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57039
published_at	2026-04-07T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5709
published_at	2026-04-08T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57092
published_at	2026-04-09T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57104
published_at	2026-04-11T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57083
published_at	2026-04-12T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57059
published_at	2026-04-13T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57086
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909240
reference_id	1909240
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909240

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41801

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35480

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ar6-14bb-yfc5

url VCID-7j54-uz1w-y3dn

vulnerability_id VCID-7j54-uz1w-y3dn

summary security update

references

reference_url

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59362
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59219
published_at	2026-04-01T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59293
published_at	2026-04-02T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59317
published_at	2026-04-04T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59281
published_at	2026-04-07T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59332
published_at	2026-04-08T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59345
published_at	2026-04-09T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59364
published_at	2026-04-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59348
published_at	2026-04-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5933
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41801

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j54-uz1w-y3dn

url VCID-7m3q-wuh7-k7fn

vulnerability_id VCID-7m3q-wuh7-k7fn

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30154

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.74306
published_at	2026-04-16T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78133
published_at	2026-04-01T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78142
published_at	2026-04-02T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78172
published_at	2026-04-04T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78154
published_at	2026-04-07T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78181
published_at	2026-04-08T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78187
published_at	2026-04-09T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78212
published_at	2026-04-11T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78195
published_at	2026-04-12T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78191
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946690
reference_id	1946690
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946690

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30154

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m3q-wuh7-k7fn

url VCID-8sqw-6aae-13f5

vulnerability_id VCID-8sqw-6aae-13f5

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30157

reference_id

reference_type

scores

value	0.00734
scoring_system	epss
scoring_elements	0.72793
published_at	2026-04-16T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.76989
published_at	2026-04-01T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.76995
published_at	2026-04-02T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77024
published_at	2026-04-04T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77005
published_at	2026-04-07T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77037
published_at	2026-04-08T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77047
published_at	2026-04-09T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77076
published_at	2026-04-11T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.77055
published_at	2026-04-12T12:55:00Z

value	0.01006
scoring_system	epss
scoring_elements	0.7705
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946692
reference_id	1946692
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946692

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30157

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqw-6aae-13f5

url VCID-9nnu-4mda-7qg9

vulnerability_id VCID-9nnu-4mda-7qg9

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41798

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.36614
published_at	2026-04-01T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36769
published_at	2026-04-02T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36801
published_at	2026-04-04T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36637
published_at	2026-04-07T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36688
published_at	2026-04-08T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36705
published_at	2026-04-09T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36714
published_at	2026-04-11T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36679
published_at	2026-04-12T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36653
published_at	2026-04-13T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36698
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009507
reference_id	2009507
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009507

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41798

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nnu-4mda-7qg9

url VCID-ad34-frk5-kqds

vulnerability_id VCID-ad34-frk5-kqds

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30158

reference_id

reference_type

scores

value	0.0061
scoring_system	epss
scoring_elements	0.69784
published_at	2026-04-16T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69788
published_at	2026-04-01T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69801
published_at	2026-04-02T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69816
published_at	2026-04-04T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69793
published_at	2026-04-07T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69841
published_at	2026-04-08T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69856
published_at	2026-04-09T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69879
published_at	2026-04-11T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69864
published_at	2026-04-12T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69851
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946698
reference_id	1946698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946698

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30158

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad34-frk5-kqds

url VCID-arzd-7xhw-qqb4

vulnerability_id VCID-arzd-7xhw-qqb4

summary

OATHAuth extension in MediaWiki is not implementing rate limit
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25827

reference_id

reference_type

scores

value	0.00239
scoring_system	epss
scoring_elements	0.47046
published_at	2026-04-16T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4699
published_at	2026-04-13T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4701
published_at	2026-04-11T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46988
published_at	2026-04-08T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46987
published_at	2026-04-04T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.4697
published_at	2026-04-02T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46934
published_at	2026-04-07T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46983
published_at	2026-04-12T12:55:00Z

value	0.00239
scoring_system	epss
scoring_elements	0.46985
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903761
reference_id	1903761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903761

reference_url

reference_id

GHSA-rqvj-fc2x-99q6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10960.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25827, GHSA-rqvj-fc2x-99q6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4

url VCID-at9r-vw7p-6bfv

vulnerability_id VCID-at9r-vw7p-6bfv

summary

MediaWiki makeCollapsible allows applying event handler to any CSS selector
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10960

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43399
published_at	2026-04-16T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43351
published_at	2026-04-08T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43386
published_at	2026-04-11T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43333
published_at	2026-04-02T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43361
published_at	2026-04-04T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43299
published_at	2026-04-07T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43365
published_at	2026-04-09T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43339
published_at	2026-04-13T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43355
published_at	2026-04-12T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43275
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10960

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml

reference_url

https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10960

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10960

reference_url

https://phabricator.wikimedia.org/T246602

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T246602

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1826076
reference_id	1826076
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1826076

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::
reference_id	cpe:2.3:a:mediawiki:mediawiki::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::

reference_url

https://github.com/advisories/GHSA-pfm2-mqwj-ggm5

reference_id

GHSA-pfm2-mqwj-ggm5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pfm2-mqwj-ggm5

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2020-10960, GHSA-pfm2-mqwj-ggm5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at9r-vw7p-6bfv

url VCID-azup-qzq7-sbh6

vulnerability_id VCID-azup-qzq7-sbh6

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25814

reference_id

reference_type

scores

value	0.00336
scoring_system	epss
scoring_elements	0.56464
published_at	2026-04-13T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56483
published_at	2026-04-12T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56507
published_at	2026-04-11T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56497
published_at	2026-04-16T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56492
published_at	2026-04-08T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.5646
published_at	2026-04-04T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56437
published_at	2026-04-02T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56339
published_at	2026-04-01T12:55:00Z

value	0.00336
scoring_system	epss
scoring_elements	0.56441
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903774
reference_id	1903774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903774

reference_url

reference_id

GHSA-4vr7-m8p8-434h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12473

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25814, GHSA-4vr7-m8p8-434h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6

url VCID-bbef-akjp-a3gp

vulnerability_id VCID-bbef-akjp-a3gp

summary

Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

references

reference_url

reference_id

reference_type

scores

value	0.00469
scoring_system	epss
scoring_elements	0.64464
published_at	2026-04-01T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64579
published_at	2026-04-16T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64545
published_at	2026-04-13T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64573
published_at	2026-04-12T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64586
published_at	2026-04-11T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.6457
published_at	2026-04-09T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64554
published_at	2026-04-08T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64506
published_at	2026-04-07T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64548
published_at	2026-04-04T12:55:00Z

value	0.00469
scoring_system	epss
scoring_elements	0.64518
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12473

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12473

reference_url

https://phabricator.wikimedia.org/T204729

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T204729

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-33xw-x3pr-rvqj

reference_url

reference_id

GHSA-33xw-x3pr-rvqj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-33xw-x3pr-rvqj

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12473, GHSA-33xw-x3pr-rvqj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbef-akjp-a3gp

url VCID-brg4-rv29-1fgz

vulnerability_id VCID-brg4-rv29-1fgz

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-27291

reference_id

reference_type

scores

value	0.03141
scoring_system	epss
scoring_elements	0.86827
published_at	2026-04-01T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86856
published_at	2026-04-04T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86837
published_at	2026-04-02T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86882
published_at	2026-04-13T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86887
published_at	2026-04-12T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86891
published_at	2026-04-11T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86879
published_at	2026-04-09T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.8687
published_at	2026-04-08T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.8685
published_at	2026-04-07T12:55:00Z

value	0.034
scoring_system	epss
scoring_elements	0.87433
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1940603
reference_id	1940603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1940603

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574
reference_id	985574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574

reference_url

reference_id

AVG-1662

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json

reference_url	https://access.redhat.com/errata/RHSA-2021:0781
reference_id	RHSA-2021:0781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0781

reference_url	https://access.redhat.com/errata/RHSA-2021:3252
reference_id	RHSA-2021:3252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3252

reference_url	https://access.redhat.com/errata/RHSA-2021:4139
reference_id	RHSA-2021:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4139

reference_url	https://access.redhat.com/errata/RHSA-2021:4150
reference_id	RHSA-2021:4150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4150

reference_url	https://access.redhat.com/errata/RHSA-2021:4151
reference_id	RHSA-2021:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4151

reference_url	https://usn.ubuntu.com/4897-1/
reference_id	USN-4897-1
reference_type
scores
url	https://usn.ubuntu.com/4897-1/

reference_url	https://usn.ubuntu.com/4897-2/
reference_id	USN-4897-2
reference_type
scores
url	https://usn.ubuntu.com/4897-2/

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-27291, GHSA-pq64-v7f5-gqh8, PYSEC-2021-141

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brg4-rv29-1fgz

url VCID-c8zy-wsn9-63af

vulnerability_id VCID-c8zy-wsn9-63af

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41799

reference_id

reference_type

scores

value	0.00268
scoring_system	epss
scoring_elements	0.50227
published_at	2026-04-01T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50266
published_at	2026-04-02T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50296
published_at	2026-04-04T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50244
published_at	2026-04-07T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50297
published_at	2026-04-08T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.5029
published_at	2026-04-09T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50317
published_at	2026-04-11T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50291
published_at	2026-04-12T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.5028
published_at	2026-04-13T12:55:00Z

value	0.00268
scoring_system	epss
scoring_elements	0.50324
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009511
reference_id	2009511
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009511

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json

reference_url	https://security.gentoo.org/glsa/202305-24
reference_id	GLSA-202305-24
reference_type
scores
url	https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41799

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zy-wsn9-63af

url VCID-d6kz-e82q-6kh3

vulnerability_id VCID-d6kz-e82q-6kh3

summary mediawiki: potential XSS via the month messages such as MediaWiki:january through MediaWiki:december outputting Block Logs

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35479

reference_id

reference_type

scores

value	0.0086
scoring_system	epss
scoring_elements	0.74971
published_at	2026-04-01T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.74974
published_at	2026-04-02T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75003
published_at	2026-04-04T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.7498
published_at	2026-04-07T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75014
published_at	2026-04-08T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75025
published_at	2026-04-12T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75046
published_at	2026-04-11T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75015
published_at	2026-04-13T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75051
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909237
reference_id	1909237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909237

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17368

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35479

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6kz-e82q-6kh3

url VCID-eud3-k24q-6ber

vulnerability_id VCID-eud3-k24q-6ber

summary

Multiple vulnerabilities have been found in Firejail, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

reference_id

reference_type

scores

value	0.0449
scoring_system	epss
scoring_elements	0.89064
published_at	2026-04-01T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.89073
published_at	2026-04-02T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.89088
published_at	2026-04-04T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.8909
published_at	2026-04-07T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.89108
published_at	2026-04-08T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.89113
published_at	2026-04-09T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.89124
published_at	2026-04-11T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.8912
published_at	2026-04-12T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.89118
published_at	2026-04-13T12:55:00Z

value	0.0449
scoring_system	epss
scoring_elements	0.89132
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url	https://security.gentoo.org/glsa/202101-02
reference_id	GLSA-202101-02
reference_type
scores
url	https://security.gentoo.org/glsa/202101-02

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2020-17368

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eud3-k24q-6ber

url VCID-fwb3-kxy8-73hz

vulnerability_id VCID-fwb3-kxy8-73hz

summary mediawiki: unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35477

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.64668
published_at	2026-04-01T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6472
published_at	2026-04-02T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64748
published_at	2026-04-04T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64706
published_at	2026-04-07T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64754
published_at	2026-04-08T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64769
published_at	2026-04-09T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64786
published_at	2026-04-11T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64774
published_at	2026-04-12T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64747
published_at	2026-04-13T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64785
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909231
reference_id	1909231
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909231

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12467

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35477

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwb3-kxy8-73hz

url VCID-gma6-b9cy-kqee

vulnerability_id VCID-gma6-b9cy-kqee

summary

MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

references

reference_url

reference_id

reference_type

scores

value	0.00298
scoring_system	epss
scoring_elements	0.53118
published_at	2026-04-01T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53235
published_at	2026-04-16T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53198
published_at	2026-04-13T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53214
published_at	2026-04-12T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53229
published_at	2026-04-11T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53178
published_at	2026-04-09T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53185
published_at	2026-04-08T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53131
published_at	2026-04-07T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53163
published_at	2026-04-04T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53139
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12467

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12467

reference_url

https://phabricator.wikimedia.org/T209794

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T209794

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6vfg-8ppv-h5hg

reference_url

reference_id

GHSA-6vfg-8ppv-h5hg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6vfg-8ppv-h5hg

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12467, GHSA-6vfg-8ppv-h5hg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gma6-b9cy-kqee

url VCID-h8jw-brz8-hkfn

vulnerability_id VCID-h8jw-brz8-hkfn

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25812

reference_id

reference_type

scores

value	0.00371
scoring_system	epss
scoring_elements	0.58954
published_at	2026-04-16T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.5892
published_at	2026-04-13T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58939
published_at	2026-04-12T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58957
published_at	2026-04-11T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58938
published_at	2026-04-09T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58933
published_at	2026-04-08T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58881
published_at	2026-04-07T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58892
published_at	2026-04-02T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58913
published_at	2026-04-04T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58817
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903767
reference_id	1903767
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903767

reference_url

reference_id

GHSA-rj9p-8jxj-2ch4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25812, GHSA-rj9p-8jxj-2ch4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8jw-brz8-hkfn

url VCID-j1bz-4bex-4key

vulnerability_id VCID-j1bz-4bex-4key

summary mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35475

reference_id

reference_type

scores

value	0.00592
scoring_system	epss
scoring_elements	0.69172
published_at	2026-04-01T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69188
published_at	2026-04-02T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69209
published_at	2026-04-04T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6919
published_at	2026-04-07T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6924
published_at	2026-04-08T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69259
published_at	2026-04-09T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69281
published_at	2026-04-11T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69266
published_at	2026-04-12T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69238
published_at	2026-04-13T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69277
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909224
reference_id	1909224
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909224

reference_url	https://security.archlinux.org/ASA-202101-22
reference_id	ASA-202101-22
reference_type
scores
url	https://security.archlinux.org/ASA-202101-22

reference_url

reference_id

AVG-1371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-35475

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1bz-4bex-4key

url VCID-k1f5-msra-4kam

vulnerability_id VCID-k1f5-msra-4kam

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30155

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.54898
published_at	2026-04-16T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63422
published_at	2026-04-01T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63482
published_at	2026-04-02T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63509
published_at	2026-04-13T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63473
published_at	2026-04-07T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63525
published_at	2026-04-08T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63542
published_at	2026-04-09T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63558
published_at	2026-04-11T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63543
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948641
reference_id	1948641
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948641

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12471

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30155

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1f5-msra-4kam

url VCID-kjp3-cs2f-t7b4

vulnerability_id VCID-kjp3-cs2f-t7b4

summary

MediaWiki Cross-site Scripting (XSS)
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

references

reference_url

reference_id

reference_type

scores

value	0.00359
scoring_system	epss
scoring_elements	0.57963
published_at	2026-04-01T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58106
published_at	2026-04-16T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58075
published_at	2026-04-13T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58095
published_at	2026-04-12T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58118
published_at	2026-04-11T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58102
published_at	2026-04-09T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58099
published_at	2026-04-08T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58044
published_at	2026-04-07T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.5807
published_at	2026-04-04T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58048
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12471

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12471

reference_url

https://phabricator.wikimedia.org/T207603

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T207603

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2rm7-xxx8-35jh

reference_url

reference_id

GHSA-2rm7-xxx8-35jh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rm7-xxx8-35jh

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12471, GHSA-2rm7-xxx8-35jh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjp3-cs2f-t7b4

url VCID-pm5t-23j4-6yh6

vulnerability_id VCID-pm5t-23j4-6yh6

summary

MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25828

reference_id

reference_type

scores

value	0.00387
scoring_system	epss
scoring_elements	0.59859
published_at	2026-04-16T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59839
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59856
published_at	2026-04-11T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59835
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59822
published_at	2026-04-13T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5977
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59801
published_at	2026-04-04T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59777
published_at	2026-04-02T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59703
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25828

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903776
reference_id	1903776
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903776

reference_url

reference_id

GHSA-h8qx-mj6v-2934

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12468

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25828, GHSA-h8qx-mj6v-2934

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6

url VCID-qmx3-kcnd-zuhe

vulnerability_id VCID-qmx3-kcnd-zuhe

summary

Wikimedia MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

references

reference_url

reference_id

reference_type

scores

value	0.00519
scoring_system	epss
scoring_elements	0.66728
published_at	2026-04-02T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.668
published_at	2026-04-16T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66766
published_at	2026-04-13T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66774
published_at	2026-04-08T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66725
published_at	2026-04-07T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66753
published_at	2026-04-04T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66688
published_at	2026-04-01T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66796
published_at	2026-04-12T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.6681
published_at	2026-04-11T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66789
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-announce

reference_url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12468

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12468

reference_url

https://phabricator.wikimedia.org/T197279

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T197279

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-wrhx-3pxr-6vgg

reference_url

reference_id

GHSA-wrhx-3pxr-6vgg

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wrhx-3pxr-6vgg

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12468, GHSA-wrhx-3pxr-6vgg

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmx3-kcnd-zuhe

url VCID-rwtk-hep1-xfaw

vulnerability_id VCID-rwtk-hep1-xfaw

summary

Multiple vulnerabilities have been found in MediaWiki, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30152

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59116
published_at	2026-04-16T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66938
published_at	2026-04-01T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66976
published_at	2026-04-02T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67001
published_at	2026-04-04T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66975
published_at	2026-04-07T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67024
published_at	2026-04-08T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67036
published_at	2026-04-09T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67056
published_at	2026-04-11T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67041
published_at	2026-04-12T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.6701
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948636
reference_id	1948636
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948636

reference_url

reference_id

AVG-1775

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url	https://security.gentoo.org/glsa/202107-40
reference_id	GLSA-202107-40
reference_type
scores
url	https://security.gentoo.org/glsa/202107-40

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-30152

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwtk-hep1-xfaw

url VCID-sf61-byhw-17gv

vulnerability_id VCID-sf61-byhw-17gv

summary

Mediawiki Improper Privilege Management
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0503

reference_id

reference_type

scores

value	0.00383
scoring_system	epss
scoring_elements	0.59591
published_at	2026-04-04T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59624
published_at	2026-04-09T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59627
published_at	2026-04-12T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59607
published_at	2026-04-13T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.5964
published_at	2026-04-16T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59643
published_at	2026-04-11T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59493
published_at	2026-04-01T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59566
published_at	2026-04-02T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59611
published_at	2026-04-08T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.5956
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html

reference_url

https://phabricator.wikimedia.org/T169545

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T169545

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1634161
reference_id	1634161
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1634161

reference_url	https://security.archlinux.org/ASA-201809-5
reference_id	ASA-201809-5
reference_type
scores
url	https://security.archlinux.org/ASA-201809-5

reference_url

reference_id

AVG-765

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0503

reference_url

reference_id

CVE-2018-0503

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0503

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml

reference_id

CVE-2018-0503.YAML

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml

reference_url

https://github.com/advisories/GHSA-mhfv-9h99-jwg7

reference_id

GHSA-mhfv-9h99-jwg7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhfv-9h99-jwg7

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2018-0503, GHSA-mhfv-9h99-jwg7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sf61-byhw-17gv

url VCID-t6w8-cgct-gbgz

vulnerability_id VCID-t6w8-cgct-gbgz

summary

MediaWiki information disclosure
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16738

reference_id

reference_type

scores

value	0.00415
scoring_system	epss
scoring_elements	0.61705
published_at	2026-04-16T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61664
published_at	2026-04-13T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61536
published_at	2026-04-01T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61659
published_at	2026-04-08T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61611
published_at	2026-04-07T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.6164
published_at	2026-04-04T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.6161
published_at	2026-04-02T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61684
published_at	2026-04-12T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61695
published_at	2026-04-11T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61674
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16738

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16738

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16738

reference_url

https://phabricator.wikimedia.org/T230402

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T230402

reference_url

https://seclists.org/bugtraq/2019/Oct/32

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/Oct/32

reference_url

https://www.debian.org/security/2019/dsa-4545

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4545

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1755762
reference_id	1755762
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1755762

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::
reference_id	cpe:2.3:a:mediawiki:mediawiki::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url

https://github.com/advisories/GHSA-7hwr-f745-5rwq

reference_id

GHSA-7hwr-f745-5rwq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7hwr-f745-5rwq

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-16738, GHSA-7hwr-f745-5rwq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6w8-cgct-gbgz

url VCID-tq2e-c9ym-a3hj

vulnerability_id VCID-tq2e-c9ym-a3hj

summary

Wikimedia information leak vulnerability
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12474

reference_id

reference_type

scores

value	0.00261
scoring_system	epss
scoring_elements	0.49382
published_at	2026-04-01T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49478
published_at	2026-04-16T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49432
published_at	2026-04-13T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.4943
published_at	2026-04-12T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49458
published_at	2026-04-11T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49441
published_at	2026-04-09T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49446
published_at	2026-04-08T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49391
published_at	2026-04-07T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49438
published_at	2026-04-04T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49411
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12474

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12474

reference_url

https://phabricator.wikimedia.org/T212118

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T212118

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2qrr-c2gh-pr35

reference_url

reference_id

GHSA-2qrr-c2gh-pr35

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2qrr-c2gh-pr35

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12474, GHSA-2qrr-c2gh-pr35

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tq2e-c9ym-a3hj

url VCID-u2xc-ztge-p3bv

vulnerability_id VCID-u2xc-ztge-p3bv

summary

MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12472

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.35821
published_at	2026-04-16T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35707
published_at	2026-04-01T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35905
published_at	2026-04-02T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35935
published_at	2026-04-04T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35765
published_at	2026-04-07T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35816
published_at	2026-04-08T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35838
published_at	2026-04-09T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35845
published_at	2026-04-11T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35805
published_at	2026-04-12T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35782
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12472

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12472

reference_url

https://phabricator.wikimedia.org/T199540

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T199540

reference_url

https://github.com/advisories/GHSA-7mqg-5fgh-xh4r

reference_id

GHSA-7mqg-5fgh-xh4r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7mqg-5fgh-xh4r

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12472, GHSA-7mqg-5fgh-xh4r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xc-ztge-p3bv

url VCID-ujdn-y48t-pbch

vulnerability_id VCID-ujdn-y48t-pbch

summary

MediaWiki Special:UserRights exposes the existence of hidden users
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25813

reference_id

reference_type

scores

value	0.00366
scoring_system	epss
scoring_elements	0.58634
published_at	2026-04-16T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.586
published_at	2026-04-13T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.5864
published_at	2026-04-11T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58565
published_at	2026-04-07T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58595
published_at	2026-04-04T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58574
published_at	2026-04-02T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58489
published_at	2026-04-01T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.5862
published_at	2026-04-12T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58623
published_at	2026-04-09T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.58616
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html

reference_url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1903764
reference_id	1903764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1903764

reference_url

reference_id

GHSA-c4rj-wrmq-52rj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17367

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2020-25813, GHSA-c4rj-wrmq-52rj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch

url VCID-uzv4-9xtx-ryhr

vulnerability_id VCID-uzv4-9xtx-ryhr

summary

Multiple vulnerabilities have been found in Firejail, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

reference_id

reference_type

scores

value	0.00135
scoring_system	epss
scoring_elements	0.33197
published_at	2026-04-01T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33324
published_at	2026-04-02T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33356
published_at	2026-04-04T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33189
published_at	2026-04-07T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33232
published_at	2026-04-08T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33265
published_at	2026-04-09T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.3327
published_at	2026-04-11T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33229
published_at	2026-04-12T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33206
published_at	2026-04-13T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33246
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url	https://security.gentoo.org/glsa/202101-02
reference_id	GLSA-202101-02
reference_type
scores
url	https://security.gentoo.org/glsa/202101-02

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2020-17367

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzv4-9xtx-ryhr

url VCID-v27j-4pnt-n7h9

vulnerability_id VCID-v27j-4pnt-n7h9

summary

Mediawiki BotPassword can bypass CentralAuth's account lock
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0505

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62397
published_at	2026-04-04T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62447
published_at	2026-04-11T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62437
published_at	2026-04-12T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62415
published_at	2026-04-13T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.6246
published_at	2026-04-16T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62428
published_at	2026-04-09T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62309
published_at	2026-04-01T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62367
published_at	2026-04-02T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62411
published_at	2026-04-08T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62362
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html

reference_url

https://phabricator.wikimedia.org/T194605

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T194605

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1634166
reference_id	1634166
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1634166

reference_url	https://security.archlinux.org/ASA-201809-5
reference_id	ASA-201809-5
reference_type
scores
url	https://security.archlinux.org/ASA-201809-5

reference_url

reference_id

AVG-765

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0505

reference_url

reference_id

CVE-2018-0505

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0505

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml

reference_id

CVE-2018-0505.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml

reference_url

https://github.com/advisories/GHSA-5c6w-f4w2-2grp

reference_id

GHSA-5c6w-f4w2-2grp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5c6w-f4w2-2grp

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2018-0505, GHSA-5c6w-f4w2-2grp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v27j-4pnt-n7h9

url VCID-w3f8-nrqd-p7gq

vulnerability_id VCID-w3f8-nrqd-p7gq

summary

Mediawiki information disclosure vulnerability
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json

reference_url

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0504

reference_id

reference_type

scores

value	0.01612
scoring_system	epss
scoring_elements	0.81772
published_at	2026-04-12T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81784
published_at	2026-04-11T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81765
published_at	2026-04-09T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.8176
published_at	2026-04-08T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81736
published_at	2026-04-04T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81733
published_at	2026-04-07T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81804
published_at	2026-04-16T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81767
published_at	2026-04-13T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81702
published_at	2026-04-01T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.81713
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html

reference_url

https://phabricator.wikimedia.org/T187638

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T187638

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0504

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1634168
reference_id	1634168
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1634168

reference_url

reference_id

CVE-2018-0504

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0504

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml

reference_id

CVE-2018-0504.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml

reference_url

https://github.com/advisories/GHSA-hr8v-f4g2-p66f

reference_id

GHSA-hr8v-f4g2-p66f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hr8v-f4g2-p66f

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2018-0504, GHSA-hr8v-f4g2-p66f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3f8-nrqd-p7gq

url VCID-yr8d-347g-pugg

vulnerability_id VCID-yr8d-347g-pugg

summary

Wikimedia MediaWik exposed suppressed log in RevisionDelete page
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12470

reference_id

reference_type

scores

value	0.00168
scoring_system	epss
scoring_elements	0.37889
published_at	2026-04-01T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.38018
published_at	2026-04-16T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.37973
published_at	2026-04-13T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.38007
published_at	2026-04-08T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.37956
published_at	2026-04-07T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.38074
published_at	2026-04-04T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.3805
published_at	2026-04-02T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.37998
published_at	2026-04-12T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.38034
published_at	2026-04-11T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.38017
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12470

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12470

reference_url

https://phabricator.wikimedia.org/T222038

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T222038

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-733q-m38x-q7cc

reference_url

reference_id

GHSA-733q-m38x-q7cc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-733q-m38x-q7cc

fixed_packages

url pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

purl pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1697-p35n-fber

vulnerability	VCID-1866-gt2g-1qfv

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-at9r-vw7p-6bfv

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-bbef-akjp-a3gp

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-eud3-k24q-6ber

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-gma6-b9cy-kqee

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kjp3-cs2f-t7b4

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qmx3-kcnd-zuhe

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sf61-byhw-17gv

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-t6w8-cgct-gbgz

vulnerability	VCID-tq2e-c9ym-a3hj

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-u2xc-ztge-p3bv

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-uzv4-9xtx-ryhr

vulnerability	VCID-v27j-4pnt-n7h9

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w3f8-nrqd-p7gq

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-yr8d-347g-pugg

100

vulnerability	VCID-z3qw-4ejj-uffj

101

vulnerability	VCID-z8qp-v64u-tuh8

102

vulnerability	VCID-z9d9-aer5-gfa9

103

vulnerability	VCID-zgdf-mxfn-gbea

104

vulnerability	VCID-zj5a-p9u4-ducw

105

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

aliases CVE-2019-12470, GHSA-733q-m38x-q7cc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yr8d-347g-pugg

url VCID-z9d9-aer5-gfa9

vulnerability_id VCID-z9d9-aer5-gfa9

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.39365
published_at	2026-04-16T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39287
published_at	2026-04-07T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39313
published_at	2026-04-13T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39331
published_at	2026-04-12T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39371
published_at	2026-04-11T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39359
published_at	2026-04-09T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39164
published_at	2026-04-01T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39342
published_at	2026-04-08T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.3935
published_at	2026-04-02T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39374
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

reference_url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id	2009517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517

reference_url

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GHSA-c8wv-qwwc-6j73

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

reference_url

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json

fixed_packages

url pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

purl pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-2xja-2whv-fqe4

vulnerability	VCID-32f4-khen-3yez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4dfp-3qk9-j7fg

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-674z-nf4t-b7ez

vulnerability	VCID-6ads-gs3n-dubh

vulnerability	VCID-73p6-esc6-tydd

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7ar6-14bb-yfc5

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-7j54-uz1w-y3dn

vulnerability	VCID-7m3q-wuh7-k7fn

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-812q-n5hg-u7dx

vulnerability	VCID-8sqw-6aae-13f5

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-92hf-r3sb-jbhy

vulnerability	VCID-9346-9aaj-fkfw

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-9exs-x5s1-4bhg

vulnerability	VCID-9g1g-z7d8-c7ah

vulnerability	VCID-9nnu-4mda-7qg9

vulnerability	VCID-9xyz-wzr8-wqhz

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-ad34-frk5-kqds

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-av7r-cpew-xkcn

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-b8r6-r39r-3ffm

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-c8zy-wsn9-63af

vulnerability	VCID-ckkj-z5nq-akhb

vulnerability	VCID-d6kz-e82q-6kh3

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-ea7c-xk4h-13fs

vulnerability	VCID-eefm-65rj-pyg2

vulnerability	VCID-fnzm-dxb3-v7hr

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-fwb3-kxy8-73hz

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-j1bz-4bex-4key

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-jwkd-wdus-6ygg

vulnerability	VCID-k1f5-msra-4kam

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-m1j5-3ecf-dffj

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-nwsr-ruca-2kha

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-pw9d-1cwb-tyb9

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qjhk-97j6-2qfm

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-qqvd-cjs3-7kab

vulnerability	VCID-qwcp-5hh8-z3gp

vulnerability	VCID-ruur-4cvx-cqct

vulnerability	VCID-rwtk-hep1-xfaw

vulnerability	VCID-rz65-w7x5-57hu

vulnerability	VCID-sc5s-s7vg-dygq

vulnerability	VCID-sca5-n7rz-rffq

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-wzqf-k99e-vbeu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-yakw-r8bh-5bde

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-z9d9-aer5-gfa9

vulnerability	VCID-zj5a-p9u4-ducw

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wcb-hty6-uyez

vulnerability	VCID-3zue-5ccg-23hs

vulnerability	VCID-4yhr-jjt9-afaq

vulnerability	VCID-5myd-ngfx-5qhb

vulnerability	VCID-74ej-8sna-jyek

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-7wh4-say2-pqap

vulnerability	VCID-8uw8-ja3w-r3da

vulnerability	VCID-95d1-mkm6-r3cq

vulnerability	VCID-a8nh-mvhd-bka7

vulnerability	VCID-b5ke-cjtq-q3ev

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-den1-257q-euc9

vulnerability	VCID-e8np-4nbw-t3b3

vulnerability	VCID-fptt-2t1j-8fec

vulnerability	VCID-h3d2-nr9e-nqbk

vulnerability	VCID-h789-pcxv-kbgd

vulnerability	VCID-k7qb-7hbj-1qc2

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-m1xy-yucr-dqfs

vulnerability	VCID-m7uw-sa5j-u3bw

vulnerability	VCID-mbs4-gs37-1fh5

vulnerability	VCID-pm3s-z5ap-qqay

vulnerability	VCID-pwjk-pzpj-aff6

vulnerability	VCID-qpgu-mg6m-vyef

vulnerability	VCID-sr9a-a6vt-1qgt

vulnerability	VCID-tutk-y8jg-n7dh

vulnerability	VCID-v3dp-7stt-tygf

vulnerability	VCID-vjd5-jv5h-yfhw

vulnerability	VCID-w51y-hprj-buap

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-wraf-59ce-u3br

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xtd9-wbd9-67ew

vulnerability	VCID-z3qw-4ejj-uffj

vulnerability	VCID-z8qp-v64u-tuh8

vulnerability	VCID-zmax-894d-5kfd

vulnerability	VCID-ztxx-cc2c-87at

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2

aliases CVE-2021-41800, GHSA-c8wv-qwwc-6j73

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9

url VCID-zgdf-mxfn-gbea

vulnerability_id VCID-zgdf-mxfn-gbea

summary

img_auth.php may leak private extension images into the public cache
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.

references

reference_url

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15005

reference_id

reference_type

scores

value	0.00737
scoring_system	epss
scoring_elements	0.72866
published_at	2026-04-16T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72768
published_at	2026-04-01T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72776
published_at	2026-04-02T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72796
published_at	2026-04-04T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72773
published_at	2026-04-07T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72811
published_at	2026-04-08T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72825
published_at	2026-04-09T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.7285
published_at	2026-04-11T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72833
published_at	2026-04-12T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72824
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url