Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037792?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "type": "deb", "namespace": "debian", "name": "mediawiki", "version": "1:1.31.16-1+deb10u2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:1.39.17-1+deb12u2", "latest_non_vulnerable_version": "1:1.43.8+dfsg-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6299?format=api", "vulnerability_id": "VCID-1na8-nyq1-yfcy", "summary": "An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42655", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42672", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42685", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42654", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44911", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44968", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-9w8r-397f-prfh", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w8r-397f-prfh" }, { "reference_url": "https://github.com/pygments/pygments", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments" }, { "reference_url": "https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20270" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4889" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664", "reference_id": "984664", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664" }, { "reference_url": "https://security.archlinux.org/AVG-1662", "reference_id": "AVG-1662", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1662" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0781", "reference_id": "RHSA-2021:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3252", "reference_id": "RHSA-2021:3252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4139", "reference_id": "RHSA-2021:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4150", "reference_id": "RHSA-2021:4150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4151", "reference_id": "RHSA-2021:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4151" }, { "reference_url": "https://usn.ubuntu.com/4885-1/", "reference_id": "USN-4885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4885-1/" }, { "reference_url": "https://usn.ubuntu.com/4897-2/", "reference_id": "USN-4897-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-20270", "GHSA-9w8r-397f-prfh", "PYSEC-2021-140" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1na8-nyq1-yfcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96640?format=api", "vulnerability_id": "VCID-2wcb-hty6-uyez", "summary": "Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63766", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67788", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67805", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67791", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67757", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67793", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67735", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67715", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67767", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.67781", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072" }, { "reference_url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134", "reference_id": "1120134", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/" } ], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134" }, { "reference_url": "https://phabricator.wikimedia.org/T386175", "reference_id": "T386175", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/" } ], "url": "https://phabricator.wikimedia.org/T386175" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-32072" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wcb-hty6-uyez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78031?format=api", "vulnerability_id": "VCID-2xja-2whv-fqe4", "summary": "mediawiki: diff-multi-sameuser (\"X intermediate revisions by the same user not shown\") ignores username suppression", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60186", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60211", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60244", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60273", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60281", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60267", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247805", "reference_id": "2247805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247805" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-45362" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xja-2whv-fqe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51028?format=api", "vulnerability_id": "VCID-32f4-khen-3yez", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75081", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75089", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75157", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75287", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75296", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948638", "reference_id": "1948638", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948638" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30159" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32f4-khen-3yez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96907?format=api", "vulnerability_id": "VCID-3zue-5ccg-23hs", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20645", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20647", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33338", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33279", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.3337", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.365", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36524", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480" }, { "reference_url": "https://phabricator.wikimedia.org/T401053", "reference_id": "T401053", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:01:49Z/" } ], "url": "https://phabricator.wikimedia.org/T401053" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67480" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zue-5ccg-23hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58484?format=api", "vulnerability_id": "VCID-424y-cjxg-c7az", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59703", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815" }, { "reference_url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25815" }, { "reference_url": "https://phabricator.wikimedia.org/T256171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T256171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903759", "reference_id": "1903759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903759" }, { "reference_url": "https://github.com/advisories/GHSA-2f58-vf6g-6p8x", "reference_id": "GHSA-2f58-vf6g-6p8x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2f58-vf6g-6p8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25815", "GHSA-2f58-vf6g-6p8x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-424y-cjxg-c7az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51030?format=api", "vulnerability_id": "VCID-4dfp-3qk9-j7fg", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72618", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72626", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.7266", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72673", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72669", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72711", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72723", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72714", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980308", "reference_id": "1980308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980308" }, { "reference_url": "https://security.archlinux.org/ASA-202107-7", "reference_id": "ASA-202107-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-7" }, { "reference_url": "https://security.archlinux.org/AVG-2093", "reference_id": "AVG-2093", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2093" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-35197" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dfp-3qk9-j7fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96834?format=api", "vulnerability_id": "VCID-4yhr-jjt9-afaq", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61641", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00385", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00372", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00374", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00521", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00526", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00523", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00524", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641" }, { "reference_url": "https://phabricator.wikimedia.org/T298690", "reference_id": "T298690", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:22Z/" } ], "url": "https://phabricator.wikimedia.org/T298690" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61641" ], "risk_score": 0.5, "exploitability": "0.5", "weighted_severity": "1.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yhr-jjt9-afaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77881?format=api", "vulnerability_id": "VCID-5myd-ngfx-5qhb", "summary": "mediawiki: group-.*-member messages are not properly escaped on Special:log/rights", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60579", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60548", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60597", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60637", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60601", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60636", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255582", "reference_id": "2255582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255582" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2023-51704" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5myd-ngfx-5qhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55256?format=api", "vulnerability_id": "VCID-674z-nf4t-b7ez", "summary": "Cross-domain cookie leakage in Guzzle\n### Impact\n\nPrevious version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the `Set-Cookie` header, allowing a malicious server to set cookies for unrelated domains. For example an attacker at `www.example.com` might set a session cookie for `api.example.net`, logging the Guzzle client into their account and retrieving private API requests from the security log of their account.\n\nNote that our cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with `['cookies' => true]` are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability.\n\n### Patches\n\nAffected Guzzle 7 users should upgrade to Guzzle 7.4.3 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.6 or 7.4.3.\n\n### Workarounds\n\nIf you do not need support for cookies, turn off the cookie middleware. It is already off by default, but if you have turned it on and no longer need it, turn it off.\n\n### References\n\n* [RFC6265 Section 5.3](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3)\n* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)\n\n### For more information\n\nIf you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70414", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.7041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70495", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.7048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70465", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70507", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab" }, { "reference_url": "https://github.com/guzzle/guzzle/pull/3018", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://github.com/guzzle/guzzle/pull/3018" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29248" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://www.drupal.org/sa-core-2022-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/" } ], "url": "https://www.drupal.org/sa-core-2022-010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636", "reference_id": "1011636", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-cwmx-hcrq-mhc3", "reference_id": "GHSA-cwmx-hcrq-mhc3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwmx-hcrq-mhc3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-29248", "GHSA-cwmx-hcrq-mhc3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-674z-nf4t-b7ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51029?format=api", "vulnerability_id": "VCID-6ads-gs3n-dubh", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.4398", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43932", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44002", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43931", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43954", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43969", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43984", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43982", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58842", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58864", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58859", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki-services-parsoid", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki-services-parsoid" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30458", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30458" }, { "reference_url": "https://phabricator.wikimedia.org/T279451", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T279451" }, { "reference_url": "https://www.mediawiki.org/wiki/Parsoid", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Parsoid" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://github.com/advisories/GHSA-5pqx-77vf-85rw", "reference_id": "GHSA-5pqx-77vf-85rw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pqx-77vf-85rw" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30458", "GHSA-5pqx-77vf-85rw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ads-gs3n-dubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80688?format=api", "vulnerability_id": "VCID-73p6-esc6-tydd", "summary": "mediawiki: potential XSS via MediaWiki:blanknamespace outputting Block Logs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63353", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63441", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63406", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63457", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63475", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63477", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63442", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63483", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63469", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909234", "reference_id": "1909234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909234" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35478" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73p6-esc6-tydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96646?format=api", "vulnerability_id": "VCID-74ej-8sna-jyek", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68798", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68809", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68819", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68739", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68717", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68768", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68788", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.6881", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68796", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68767", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698" }, { "reference_url": "https://phabricator.wikimedia.org/T385958", "reference_id": "T385958", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:46Z/" } ], "url": "https://phabricator.wikimedia.org/T385958" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-32698" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74ej-8sna-jyek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80690?format=api", "vulnerability_id": "VCID-7ar6-14bb-yfc5", "summary": "mediawiki: divergent behavior for contributions and user pages of hidden users and missing users", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56945", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5704", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57039", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5709", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57083", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57059", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57086", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5706", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909240", "reference_id": "1909240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909240" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35480" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ar6-14bb-yfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17014?format=api", "vulnerability_id": "VCID-7eba-7gsc-hbfg", "summary": "X-Forwarded-For header allows brute-forcing autoblocked IP addresses\nAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48509", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48401", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52594", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7" }, { "reference_url": "https://phabricator.wikimedia.org/T285159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://phabricator.wikimedia.org/T285159" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5447", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5447" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627", "reference_id": "2183627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141", "reference_id": "CVE-2023-29141", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141" }, { "reference_url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6", "reference_id": "GHSA-5vj8-g3qg-4qh6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/", "reference_id": "ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/", "reference_id": "ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-29141", "GHSA-5vj8-g3qg-4qh6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90959?format=api", "vulnerability_id": "VCID-7j54-uz1w-y3dn", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5935", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59281", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59332", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59345", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59364", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59362", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59369", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41801" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7j54-uz1w-y3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51024?format=api", "vulnerability_id": "VCID-7m3q-wuh7-k7fn", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74316", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74306", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78172", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78154", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78181", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78187", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78212", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78195", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78133", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946690", "reference_id": "1946690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946690" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30154" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m3q-wuh7-k7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96839?format=api", "vulnerability_id": "VCID-7wh4-say2-pqap", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06029", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06021", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06179", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14413", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14276", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14403", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656" }, { "reference_url": "https://phabricator.wikimedia.org/T397232", "reference_id": "T397232", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:27Z/" } ], "url": "https://phabricator.wikimedia.org/T397232" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61656" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wh4-say2-pqap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80686?format=api", "vulnerability_id": "VCID-812q-n5hg-u7dx", "summary": "mediawiki: message recentchanges-legend-watchlistexpiry can contain raw html", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64378", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64432", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64462", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64422", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64486", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64501", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64495", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64507", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64499", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909227", "reference_id": "1909227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909227" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35474" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-812q-n5hg-u7dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51026?format=api", "vulnerability_id": "VCID-8sqw-6aae-13f5", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72796", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72793", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72804", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.76995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.7705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.76989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77024", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946692", "reference_id": "1946692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946692" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30157" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqw-6aae-13f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64772?format=api", "vulnerability_id": "VCID-8uw8-ja3w-r3da", "summary": "MediaWiki: MediaWiki: Cross-site Scripting (XSS) vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11261", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00261", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00259", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0037", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0035", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11261" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436168", "reference_id": "2436168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436168" }, { "reference_url": "https://phabricator.wikimedia.org/T402077", "reference_id": "T402077", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:05Z/" } ], "url": "https://phabricator.wikimedia.org/T402077" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-11261" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uw8-ja3w-r3da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31065?format=api", "vulnerability_id": "VCID-92hf-r3sb-jbhy", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.6389", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.6395", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64019", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64016", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64002", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63972", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64007", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63977", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63987", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156318", "reference_id": "2156318", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156318" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T293589", "reference_id": "T293589", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/" } ], "url": "https://phabricator.wikimedia.org/T293589" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44855" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92hf-r3sb-jbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31079?format=api", "vulnerability_id": "VCID-9346-9aaj-fkfw", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49129", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49088", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49138", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49118", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49161", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4907", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49121", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156329", "reference_id": "2156329", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156329" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T309894", "reference_id": "T309894", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/" } ], "url": "https://phabricator.wikimedia.org/T309894" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-41765" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9346-9aaj-fkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96891?format=api", "vulnerability_id": "VCID-95d1-mkm6-r3cq", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02371", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02275", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02062", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02066", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02299", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02268", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591" }, { "reference_url": "https://phabricator.wikimedia.org/T392276", "reference_id": "T392276", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T15:32:29Z/" } ], "url": "https://phabricator.wikimedia.org/T392276" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6591" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95d1-mkm6-r3cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54173?format=api", "vulnerability_id": "VCID-9exs-x5s1-4bhg", "summary": "Failure to strip the Cookie header on change in host or HTTP downgrade\n### Impact\n\n`Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there.\n\n### Patches\n\nAffected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.\n\n### Workarounds\n\nAn alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.\n\n### References\n\n* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)\n\n### For more information\n\nIf you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80753", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80809", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80807", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80774", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31042" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://www.drupal.org/sa-core-2022-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://www.drupal.org/sa-core-2022-011" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821", "reference_id": "1012821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-f2wf-25xc-69c9", "reference_id": "GHSA-f2wf-25xc-69c9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2wf-25xc-69c9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31042", "GHSA-f2wf-25xc-69c9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9exs-x5s1-4bhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32819?format=api", "vulnerability_id": "VCID-9g1g-z7d8-c7ah", "summary": "Regular Expression Denial of Service in papaparse\nVersions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 5.2.0 or later.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62458", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6237", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62474", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62423", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62445", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62455", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62436", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62317", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62375", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62419", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649" }, { "reference_url": "https://github.com/mholt/PapaParse", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse" }, { "reference_url": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621" }, { "reference_url": "https://github.com/mholt/PapaParse/issues/777", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/issues/777" }, { "reference_url": "https://github.com/mholt/PapaParse/pull/779", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/pull/779" }, { "reference_url": "https://github.com/mholt/PapaParse/releases/tag/5.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mholt/PapaParse/releases/tag/5.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36649", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36649" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258" }, { "reference_url": "https://vuldb.com/?ctiid.218004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?ctiid.218004" }, { "reference_url": "https://vuldb.com/?id.218004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuldb.com/?id.218004" }, { "reference_url": "https://www.npmjs.com/advisories/1515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/1515" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160359", "reference_id": "2160359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160359" }, { "reference_url": "https://github.com/advisories/GHSA-qvjc-g5vr-mfgr", "reference_id": "GHSA-qvjc-g5vr-mfgr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvjc-g5vr-mfgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-36649", "GHSA-qvjc-g5vr-mfgr", "GMS-2020-421" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9g1g-z7d8-c7ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31061?format=api", "vulnerability_id": "VCID-9nnu-4mda-7qg9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36653", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36698", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3662", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009507", "reference_id": "2009507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009507" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41798" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nnu-4mda-7qg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31075?format=api", "vulnerability_id": "VCID-9xyz-wzr8-wqhz", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86548", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86599", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86594", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.8658", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86529", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86591", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86576", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03005", "scoring_system": "epss", "scoring_elements": "0.86547", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md" }, { "reference_url": "https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31090" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492", "reference_id": "1014492", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-25mq-v84q-4j7r", "reference_id": "GHSA-25mq-v84q-4j7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-25mq-v84q-4j7r" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31090", "GHSA-25mq-v84q-4j7r", "GMS-2022-2528" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyz-wzr8-wqhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64779?format=api", "vulnerability_id": "VCID-a8nh-mvhd-bka7", "summary": "MediaWiki: MediaWiki: Vulnerability in authentication management", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05644", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05932", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06083", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05965", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05921", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436116", "reference_id": "2436116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436116" }, { "reference_url": "https://phabricator.wikimedia.org/T389009", "reference_id": "T389009", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:12:25Z/" } ], "url": "https://phabricator.wikimedia.org/T389009" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6597" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8nh-mvhd-bka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51027?format=api", "vulnerability_id": "VCID-ad34-frk5-kqds", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69775", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69784", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69794", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69801", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69856", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69864", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69788", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69816", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946698", "reference_id": "1946698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946698" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30158" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad34-frk5-kqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59672?format=api", "vulnerability_id": "VCID-arzd-7xhw-qqb4", "summary": "OATHAuth extension in MediaWiki is not implementing rate limit\nAn issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46991", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47042", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46983", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47046", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4701", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46985", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827" }, { "reference_url": "https://phabricator.wikimedia.org/T251661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T251661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761", "reference_id": "1903761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761" }, { "reference_url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6", "reference_id": "GHSA-rqvj-fc2x-99q6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25827", "GHSA-rqvj-fc2x-99q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31070?format=api", "vulnerability_id": "VCID-av7r-cpew-xkcn", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55952", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56064", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56084", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56063", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56114", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56119", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56108", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56091", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56126", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56128", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56098", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036704", "reference_id": "2036704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036704" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-45038" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-av7r-cpew-xkcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57632?format=api", "vulnerability_id": "VCID-azup-qzq7-sbh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href =\"javascript... that executes when clicked.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56468", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56464", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56507", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56437", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56339", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814" }, { "reference_url": "https://phabricator.wikimedia.org/T86738", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T86738" }, { "reference_url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774", "reference_id": "1903774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774" }, { "reference_url": "https://github.com/advisories/GHSA-4vr7-m8p8-434h", "reference_id": "GHSA-4vr7-m8p8-434h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vr7-m8p8-434h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25814", "GHSA-4vr7-m8p8-434h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96893?format=api", "vulnerability_id": "VCID-b5ke-cjtq-q3ev", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6595", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00422", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00316", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00423", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6595" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595" }, { "reference_url": "https://phabricator.wikimedia.org/T394863", "reference_id": "T394863", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:53:03Z/" } ], "url": "https://phabricator.wikimedia.org/T394863" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6595" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5ke-cjtq-q3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78306?format=api", "vulnerability_id": "VCID-b8r6-r39r-3ffm", "summary": "MediaWiki: Manualthumb bypasses badFile lookup", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13321", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13383", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13518", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13312", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13444", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233116", "reference_id": "2233116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233116" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/", "reference_id": "2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/", "reference_id": "6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/", "reference_id": "DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/" }, { "reference_url": "https://phabricator.wikimedia.org/T335612", "reference_id": "T335612", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/" } ], "url": "https://phabricator.wikimedia.org/T335612" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-36674" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8r6-r39r-3ffm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6290?format=api", "vulnerability_id": "VCID-brg4-rv29-1fgz", "summary": "In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86827", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86882", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86887", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86891", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86879", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.8687", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.8685", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86856", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.87436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.87433", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.8743", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce" }, { "reference_url": "https://github.com/advisories/GHSA-pq64-v7f5-gqh8", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pq64-v7f5-gqh8" }, { "reference_url": "https://github.com/pygments/pygments", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments" }, { "reference_url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4878", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4878" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4889" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940603", "reference_id": "1940603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940603" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574", "reference_id": "985574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574" }, { "reference_url": "https://security.archlinux.org/AVG-1662", "reference_id": "AVG-1662", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1662" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0781", "reference_id": "RHSA-2021:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3252", "reference_id": "RHSA-2021:3252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4139", "reference_id": "RHSA-2021:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4150", "reference_id": "RHSA-2021:4150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4151", "reference_id": "RHSA-2021:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4151" }, { "reference_url": "https://usn.ubuntu.com/4897-1/", "reference_id": "USN-4897-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-1/" }, { "reference_url": "https://usn.ubuntu.com/4897-2/", "reference_id": "USN-4897-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-27291", "GHSA-pq64-v7f5-gqh8", "PYSEC-2021-141" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brg4-rv29-1fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31062?format=api", "vulnerability_id": "VCID-c8zy-wsn9-63af", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50227", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50296", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50297", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50317", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50291", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50324", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50299", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009511", "reference_id": "2009511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009511" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41799" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zy-wsn9-63af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31067?format=api", "vulnerability_id": "VCID-ckkj-z5nq-akhb", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35492", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35517", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35446", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35414", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35454", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35442", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3539", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036702", "reference_id": "2036702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036702" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44857" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckkj-z5nq-akhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80689?format=api", "vulnerability_id": "VCID-d6kz-e82q-6kh3", "summary": "mediawiki: potential XSS via the month messages such as MediaWiki:january through MediaWiki:december outputting Block Logs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74971", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74974", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.7498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75025", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75046", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75015", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75051", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75059", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75048", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909237", "reference_id": "1909237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909237" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35479" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6kz-e82q-6kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96837?format=api", "vulnerability_id": "VCID-den1-257q-euc9", "summary": "Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25053", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24936", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24981", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25581", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25538", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25566", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25579", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653" }, { "reference_url": "https://phabricator.wikimedia.org/T397577", "reference_id": "T397577", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T20:59:18Z/" } ], "url": "https://phabricator.wikimedia.org/T397577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61653" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-den1-257q-euc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96449?format=api", "vulnerability_id": "VCID-e8np-4nbw-t3b3", "summary": "Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03936", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03986", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173" }, { "reference_url": "https://phabricator.wikimedia.org/T401862", "reference_id": "T401862", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/" } ], "url": "https://phabricator.wikimedia.org/T401862" }, { "reference_url": "https://phabricator.wikimedia.org/T402094", "reference_id": "T402094", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/" } ], "url": "https://phabricator.wikimedia.org/T402094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-11173" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8np-4nbw-t3b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78071?format=api", "vulnerability_id": "VCID-ea7c-xk4h-13fs", "summary": "mediawiki: stored XSS leads to privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40127", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40167", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40244", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40205", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40187", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40235", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240807", "reference_id": "2240807", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240807" }, { "reference_url": "https://fluidattacks.com/advisories/blondie/", "reference_id": "blondie", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/" } ], "url": "https://fluidattacks.com/advisories/blondie/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/", "reference_id": "FU2FGUXXK6TMV6R52VRECLC6XCSQQISY", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/" }, { "reference_url": "https://www.mediawiki.org/wiki/MediaWiki/", "reference_id": "MediaWiki", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/" } ], "url": "https://www.mediawiki.org/wiki/MediaWiki/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-3550" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ea7c-xk4h-13fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31068?format=api", "vulnerability_id": "VCID-eefm-65rj-pyg2", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61568", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61642", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61643", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61692", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61729", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61744", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61727", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036698", "reference_id": "2036698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036698" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44858" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eefm-65rj-pyg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94711?format=api", "vulnerability_id": "VCID-fnzm-dxb3-v7hr", "summary": "An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41615", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4163", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41619", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41605", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46018", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57034", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html", "reference_id": "094418.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://phabricator.wikimedia.org/T270453", "reference_id": "T270453", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/" } ], "url": "https://phabricator.wikimedia.org/T270453" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/", "reference_id": "XYBF5RSTJRMVCP7QBYK7643W75A3KCIY", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30153" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnzm-dxb3-v7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96833?format=api", "vulnerability_id": "VCID-fptt-2t1j-8fec", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61639", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00496", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00491", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00678", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00716", "published_at": "2026-04-21T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00677", "published_at": "2026-04-18T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00671", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61639" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639" }, { "reference_url": "https://phabricator.wikimedia.org/T280413", "reference_id": "T280413", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:07Z/" } ], "url": "https://phabricator.wikimedia.org/T280413" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61639" ], "risk_score": 0.5, "exploitability": "0.5", "weighted_severity": "1.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fptt-2t1j-8fec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80687?format=api", "vulnerability_id": "VCID-fwb3-kxy8-73hz", "summary": "mediawiki: unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64668", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.6472", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64748", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64754", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64769", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64785", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64795", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64782", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909231", "reference_id": "1909231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909231" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35477" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwb3-kxy8-73hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96917?format=api", "vulnerability_id": "VCID-h3d2-nr9e-nqbk", "summary": "Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24479", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24382", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24332", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24513", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24296", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24363", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25501", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926" }, { "reference_url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117", "reference_id": "1165117", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/" } ], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117" }, { "reference_url": "https://phabricator.wikimedia.org/T389010", "reference_id": "T389010", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/" } ], "url": "https://phabricator.wikimedia.org/T389010" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6926" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3d2-nr9e-nqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96890?format=api", "vulnerability_id": "VCID-h789-pcxv-kbgd", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01796", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01706", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01527", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01531", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01538", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01541", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01727", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01716", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01705", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590" }, { "reference_url": "https://phabricator.wikimedia.org/T392746", "reference_id": "T392746", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:11:34Z/" } ], "url": "https://phabricator.wikimedia.org/T392746" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6590" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h789-pcxv-kbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57902?format=api", "vulnerability_id": "VCID-h8jw-brz8-hkfn", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58937", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58938", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58881", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58817", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58913", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58892", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25812" }, { "reference_url": "https://phabricator.wikimedia.org/T255918", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T255918" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903767", "reference_id": "1903767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903767" }, { "reference_url": "https://github.com/advisories/GHSA-rj9p-8jxj-2ch4", "reference_id": "GHSA-rj9p-8jxj-2ch4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj9p-8jxj-2ch4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25812", "GHSA-rj9p-8jxj-2ch4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8jw-brz8-hkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80685?format=api", "vulnerability_id": "VCID-j1bz-4bex-4key", "summary": "mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69172", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.6919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69266", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69238", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69277", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69285", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69265", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909224", "reference_id": "1909224", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909224" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35475" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1bz-4bex-4key" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19329?format=api", "vulnerability_id": "VCID-jm7q-2w3j-buhh", "summary": "MediaWiki Denial of Service vulnerability\nAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93464", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93458", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93427", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html" }, { "reference_url": "https://phabricator.wikimedia.org/T333050", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://phabricator.wikimedia.org/T333050" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363", "reference_id": "CVE-2023-45363", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363" }, { "reference_url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9", "reference_id": "GHSA-w5fx-cx7f-6vr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-45363", "GHSA-w5fx-cx7f-6vr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31082?format=api", "vulnerability_id": "VCID-jwkd-wdus-6ygg", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1637", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16248", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16432", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16315", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16379", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16191", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1621", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160625", "reference_id": "2160625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160625" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/", "reference_id": "AP65YEN762IBNQPOYGUVLTQIDLM5XD2A", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html" }, { "reference_url": "https://phabricator.wikimedia.org/T322637", "reference_id": "T322637", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://phabricator.wikimedia.org/T322637" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/", "reference_id": "UEMW64LVEH3BEXCJV43CVS6XPYURKWU3", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-47927" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwkd-wdus-6ygg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51025?format=api", "vulnerability_id": "VCID-k1f5-msra-4kam", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5488", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54901", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63482", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63473", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63542", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63422", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63509", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948641", "reference_id": "1948641", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948641" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30155" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1f5-msra-4kam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64778?format=api", "vulnerability_id": "VCID-k7qb-7hbj-1qc2", "summary": "MediaWiki: MediaWiki: Cross-site Scripting vulnerability via improper input neutralization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6594", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00422", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00316", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6594" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436122", "reference_id": "2436122", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436122" }, { "reference_url": "https://phabricator.wikimedia.org/T395063", "reference_id": "T395063", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:57:15Z/" } ], "url": "https://phabricator.wikimedia.org/T395063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6594" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qb-7hbj-1qc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31071?format=api", "vulnerability_id": "VCID-m1j5-3ecf-dffj", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69088", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69043", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69083", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69092", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72322", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.7234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72356", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72368", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074123", "reference_id": "2074123", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074123" }, { "reference_url": "https://security.archlinux.org/AVG-2677", "reference_id": "AVG-2677", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2677" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-28202" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1j5-3ecf-dffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96831?format=api", "vulnerability_id": "VCID-m1xy-yucr-dqfs", "summary": "Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit: *.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03936", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635" }, { "reference_url": "https://phabricator.wikimedia.org/T355073", "reference_id": "T355073", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M/U:Amber" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:13:27Z/" } ], "url": "https://phabricator.wikimedia.org/T355073" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61635" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1xy-yucr-dqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96908?format=api", "vulnerability_id": "VCID-m7uw-sa5j-u3bw", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01999", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01915", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0573", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05765", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481" }, { "reference_url": "https://phabricator.wikimedia.org/T251032", "reference_id": "T251032", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:13Z/" } ], "url": "https://phabricator.wikimedia.org/T251032" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67481" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7uw-sa5j-u3bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96836?format=api", "vulnerability_id": "VCID-mbs4-gs37-1fh5", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61646", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00396", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00385", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00382", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00548", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00587", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0055", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00545", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61646" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646" }, { "reference_url": "https://phabricator.wikimedia.org/T398706", "reference_id": "T398706", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:04:40Z/" } ], "url": "https://phabricator.wikimedia.org/T398706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61646" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbs4-gs37-1fh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54061?format=api", "vulnerability_id": "VCID-nwsr-ruca-2kha", "summary": "Fix failure to strip Authorization header on HTTP downgrade\n### Impact\n\n`Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host.\n\n### Patches\n\nAffected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.\n\n### Workarounds\n\nAn alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.\n\n### References\n\n* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)\n\n### For more information\n\nIf you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80753", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80809", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80807", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80774", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31043" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://www.drupal.org/sa-core-2022-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://www.drupal.org/sa-core-2022-011" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821", "reference_id": "1012821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-w248-ffj2-4v5q", "reference_id": "GHSA-w248-ffj2-4v5q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w248-ffj2-4v5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31043", "GHSA-w248-ffj2-4v5q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwsr-ruca-2kha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64776?format=api", "vulnerability_id": "VCID-pm3s-z5ap-qqay", "summary": "MediaWiki: MediaWiki: Arbitrary code execution via Cross-site Scripting (XSS)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61640", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00261", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0037", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00353", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0035", "published_at": "2026-04-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00348", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436106", "reference_id": "2436106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436106" }, { "reference_url": "https://phabricator.wikimedia.org/T402075", "reference_id": "T402075", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:45Z/" } ], "url": "https://phabricator.wikimedia.org/T402075" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61640" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm3s-z5ap-qqay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57414?format=api", "vulnerability_id": "VCID-pm5t-23j4-6yh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59703", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828" }, { "reference_url": "https://phabricator.wikimedia.org/T115888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T115888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776", "reference_id": "1903776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776" }, { "reference_url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934", "reference_id": "GHSA-h8qx-mj6v-2934", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25828", "GHSA-h8qx-mj6v-2934" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95128?format=api", "vulnerability_id": "VCID-pw9d-1cwb-tyb9", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20656", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20849", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20697", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20777", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20682", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20668", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20665", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-28201" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pw9d-1cwb-tyb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96647?format=api", "vulnerability_id": "VCID-pwjk-pzpj-aff6", "summary": "Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.6033", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60333", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60341", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60241", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.6029", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60293", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699" }, { "reference_url": "https://phabricator.wikimedia.org/T387130", "reference_id": "T387130", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M/U:Amber" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:20Z/" } ], "url": "https://phabricator.wikimedia.org/T387130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-32699" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwjk-pzpj-aff6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31064?format=api", "vulnerability_id": "VCID-qjhk-97j6-2qfm", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40491", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40484", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40543", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40591", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4056", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4052", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40581", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156316", "reference_id": "2156316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156316" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T292763", "reference_id": "T292763", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/" } ], "url": "https://phabricator.wikimedia.org/T292763" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44854" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhk-97j6-2qfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96909?format=api", "vulnerability_id": "VCID-qpgu-mg6m-vyef", "summary": "Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05303", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05359", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05507", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05554", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05547", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482" }, { "reference_url": "https://phabricator.wikimedia.org/T408135", "reference_id": "T408135", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:14Z/" } ], "url": "https://phabricator.wikimedia.org/T408135" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67482" ], "risk_score": 0.5, "exploitability": "0.5", "weighted_severity": "1.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpgu-mg6m-vyef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31078?format=api", "vulnerability_id": "VCID-qqvd-cjs3-7kab", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46482", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46502", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4653", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46511", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46568", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46565", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46512", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112772", "reference_id": "2112772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112772" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-34912" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqvd-cjs3-7kab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31081?format=api", "vulnerability_id": "VCID-qwcp-5hh8-z3gp", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47754", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47773", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47798", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47784", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47839", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47777", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156331", "reference_id": "2156331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156331" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T316304", "reference_id": "T316304", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/" } ], "url": "https://phabricator.wikimedia.org/T316304" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-41767" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcp-5hh8-z3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78316?format=api", "vulnerability_id": "VCID-ruur-4cvx-cqct", "summary": "mediawiki: cross site scripting", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66994", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67057", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67055", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67074", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67062", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67076", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67019", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67042", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40", "reference_id": "1.40#Other_changes_in_1.40", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217428", "reference_id": "2217428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217428" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/", "reference_id": "2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/", "reference_id": "6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/", "reference_id": "DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/" }, { "reference_url": "https://phabricator.wikimedia.org/T332889", "reference_id": "T332889", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/" } ], "url": "https://phabricator.wikimedia.org/T332889" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-36675" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruur-4cvx-cqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51023?format=api", "vulnerability_id": "VCID-rwtk-hep1-xfaw", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59101", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59121", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67036", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67041", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6701", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66938", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67001", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948636", "reference_id": "1948636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948636" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30152" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwtk-hep1-xfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31077?format=api", "vulnerability_id": "VCID-rz65-w7x5-57hu", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62828", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62822", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62907", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62897", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62875", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62915", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62923", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62902", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112770", "reference_id": "2112770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112770" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-34911" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rz65-w7x5-57hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76439?format=api", "vulnerability_id": "VCID-sc5s-s7vg-dygq", "summary": "mediawiki: denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38284", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38346", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38321", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38369", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38348", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3842", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38308", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38367", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38383", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279231", "reference_id": "2279231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279231" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/", "reference_id": "FU2FGUXXK6TMV6R52VRECLC6XCSQQISY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/" }, { "reference_url": "https://phabricator.wikimedia.org/T357760", "reference_id": "T357760", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/" } ], "url": "https://phabricator.wikimedia.org/T357760" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2024-34506" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sc5s-s7vg-dygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31066?format=api", "vulnerability_id": "VCID-sca5-n7rz-rffq", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38942", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39032", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39153", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39116", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39096", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39151", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39121", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3915", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39069", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39141", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156326", "reference_id": "2156326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156326" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://phabricator.wikimedia.org/T271037", "reference_id": "T271037", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/" } ], "url": "https://phabricator.wikimedia.org/T271037" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-44856" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sca5-n7rz-rffq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96832?format=api", "vulnerability_id": "VCID-sr9a-a6vt-1qgt", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61638", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00312", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00323", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00311", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00321", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00463", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00433", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00431", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638" }, { "reference_url": "https://phabricator.wikimedia.org/T401099", "reference_id": "T401099", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:22Z/" } ], "url": "https://phabricator.wikimedia.org/T401099" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61638" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sr9a-a6vt-1qgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96906?format=api", "vulnerability_id": "VCID-tutk-y8jg-n7dh", "summary": "Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05376", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0554", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05372", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05583", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05811", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05818", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478" }, { "reference_url": "https://phabricator.wikimedia.org/T385403", "reference_id": "T385403", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:08Z/" } ], "url": "https://phabricator.wikimedia.org/T385403" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67478" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tutk-y8jg-n7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55339?format=api", "vulnerability_id": "VCID-ujdn-y48t-pbch", "summary": "MediaWiki Special:UserRights exposes the existence of hidden users\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58639", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5864", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58595", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58489", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58616", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://meta.wikimedia.org/wiki/Special:UserRights", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://meta.wikimedia.org/wiki/Special:UserRights" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813" }, { "reference_url": "https://phabricator.wikimedia.org/T232568", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T232568" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764", "reference_id": "1903764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764" }, { "reference_url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj", "reference_id": "GHSA-c4rj-wrmq-52rj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25813", "GHSA-c4rj-wrmq-52rj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64768?format=api", "vulnerability_id": "VCID-v3dp-7stt-tygf", "summary": "MediaWiki: MediaWiki: Cross-site Scripting vulnerability due to improper input neutralization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01642", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02532", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02432", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06192", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06223", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06247", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436176", "reference_id": "2436176", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436176" }, { "reference_url": "https://phabricator.wikimedia.org/T406664", "reference_id": "T406664", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:07Z/" } ], "url": "https://phabricator.wikimedia.org/T406664" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67475" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3dp-7stt-tygf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96838?format=api", "vulnerability_id": "VCID-vjd5-jv5h-yfhw", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04535", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05502", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05492", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05664", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13121", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13067", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655" }, { "reference_url": "https://phabricator.wikimedia.org/T395858", "reference_id": "T395858", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:47Z/" } ], "url": "https://phabricator.wikimedia.org/T395858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61655" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjd5-jv5h-yfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96644?format=api", "vulnerability_id": "VCID-w51y-hprj-buap", "summary": "Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55749", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55771", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55704", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55755", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55767", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55748", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696" }, { "reference_url": "https://phabricator.wikimedia.org/T304474", "reference_id": "T304474", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:02Z/" } ], "url": "https://phabricator.wikimedia.org/T304474" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-32696" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w51y-hprj-buap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64771?format=api", "vulnerability_id": "VCID-wraf-59ce-u3br", "summary": "MediaWiki: MediaWiki: Vulnerability in parsing and sanitization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05303", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05359", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0567", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05507", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05554", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05547", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436184", "reference_id": "2436184", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436184" }, { "reference_url": "https://phabricator.wikimedia.org/T407131", "reference_id": "T407131", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:19Z/" } ], "url": "https://phabricator.wikimedia.org/T407131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67479" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wraf-59ce-u3br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31076?format=api", "vulnerability_id": "VCID-wzqf-k99e-vbeu", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.5672", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56768", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.5674", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56761", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56784", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56771", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56719", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56741", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml" }, { "reference_url": "https://github.com/guzzle/guzzle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/guzzle" }, { "reference_url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" }, { "reference_url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31091" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492", "reference_id": "1014492", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" }, { "reference_url": "https://github.com/advisories/GHSA-q559-8m2m-g699", "reference_id": "GHSA-q559-8m2m-g699", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q559-8m2m-g699" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-31091", "GHSA-q559-8m2m-g699", "GMS-2022-2529" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzqf-k99e-vbeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96892?format=api", "vulnerability_id": "VCID-xtd9-wbd9-67ew", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03661", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03936", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593" }, { "reference_url": "https://phabricator.wikimedia.org/T396230", "reference_id": "T396230", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T14:42:43Z/" } ], "url": "https://phabricator.wikimedia.org/T396230" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-6593" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtd9-wbd9-67ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95129?format=api", "vulnerability_id": "VCID-yakw-r8bh-5bde", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61751", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61781", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61835", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61823", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61803", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.61847", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767" }, { "reference_url": "https://security.archlinux.org/AVG-2823", "reference_id": "AVG-2823", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2823" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2022-28203" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yakw-r8bh-5bde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96662?format=api", "vulnerability_id": "VCID-z3qw-4ejj-uffj", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.6693", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66932", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66947", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.6689", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66863", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66911", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66925", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66945", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66931", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66899", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469" }, { "reference_url": "https://phabricator.wikimedia.org/T358689", "reference_id": "T358689", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:28Z/" } ], "url": "https://phabricator.wikimedia.org/T358689" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-3469" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3qw-4ejj-uffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64767?format=api", "vulnerability_id": "VCID-z8qp-v64u-tuh8", "summary": "MediaWiki: MediaWiki: Vulnerability in ApiFormatXml.Php requiring high privileges", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09518", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09366", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09368", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09879", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09933", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09954", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12043", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67484" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436190", "reference_id": "2436190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436190" }, { "reference_url": "https://phabricator.wikimedia.org/T401995", "reference_id": "T401995", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:02:03Z/" } ], "url": "https://phabricator.wikimedia.org/T401995" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-67484" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8qp-v64u-tuh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31063?format=api", "vulnerability_id": "VCID-z9d9-aer5-gfa9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3925", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39342", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39337", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39164", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39359", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800" }, { "reference_url": "https://phabricator.wikimedia.org/T284419", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T284419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517", "reference_id": "2009517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73", "reference_id": "GHSA-c8wv-qwwc-6j73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41800", "GHSA-c8wv-qwwc-6j73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78030?format=api", "vulnerability_id": "VCID-zj5a-p9u4-ducw", "summary": "mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60318", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60323", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.6033", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60236", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60262", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60294", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60301", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247803", "reference_id": "2247803", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247803" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/", "reference_id": "FU2FGUXXK6TMV6R52VRECLC6XCSQQISY", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/" }, { "reference_url": "https://phabricator.wikimedia.org/T340221", "reference_id": "T340221", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/" } ], "url": "https://phabricator.wikimedia.org/T340221" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2023-45360" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj5a-p9u4-ducw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96835?format=api", "vulnerability_id": "VCID-ztxx-cc2c-87at", "summary": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61643", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00619", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00614", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00612", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00606", "published_at": "2026-04-09T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00777", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00776", "published_at": "2026-04-18T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00772", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61643" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643" }, { "reference_url": "https://phabricator.wikimedia.org/T403757", "reference_id": "T403757", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:15:36Z/" } ], "url": "https://phabricator.wikimedia.org/T403757" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026191?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1" } ], "aliases": [ "CVE-2025-61643" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxx-cc2c-87at" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54312?format=api", "vulnerability_id": "VCID-1697-p35n-fber", "summary": "Wikimedia MediaWiki allows CSRF\nWikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39524", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39608", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39472", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39637", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39639", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39629", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466" }, { "reference_url": "https://phabricator.wikimedia.org/T25227", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T25227" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-27fw-r78j-h898", "reference_id": "GHSA-27fw-r78j-h898", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27fw-r78j-h898" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12466", "GHSA-27fw-r78j-h898" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1697-p35n-fber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57664?format=api", "vulnerability_id": "VCID-1866-gt2g-1qfv", "summary": "MediaWiki Incorrect Access Control vulnerability\nMediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35983", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36026", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36093", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36092", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36042", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36207", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36052", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3611", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469" }, { "reference_url": "https://phabricator.wikimedia.org/T222036", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T222036" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-x3fr-w7r5-x7rg", "reference_id": "GHSA-x3fr-w7r5-x7rg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x3fr-w7r5-x7rg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12469", "GHSA-x3fr-w7r5-x7rg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1866-gt2g-1qfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6299?format=api", "vulnerability_id": "VCID-1na8-nyq1-yfcy", "summary": "An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42655", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42672", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42685", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42654", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44911", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44968", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-9w8r-397f-prfh", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w8r-397f-prfh" }, { "reference_url": "https://github.com/pygments/pygments", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments" }, { "reference_url": "https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20270" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4889" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664", "reference_id": "984664", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664" }, { "reference_url": "https://security.archlinux.org/AVG-1662", "reference_id": "AVG-1662", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1662" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0781", "reference_id": "RHSA-2021:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3252", "reference_id": "RHSA-2021:3252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4139", "reference_id": "RHSA-2021:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4150", "reference_id": "RHSA-2021:4150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4151", "reference_id": "RHSA-2021:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4151" }, { "reference_url": "https://usn.ubuntu.com/4885-1/", "reference_id": "USN-4885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4885-1/" }, { "reference_url": "https://usn.ubuntu.com/4897-2/", "reference_id": "USN-4897-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-20270", "GHSA-9w8r-397f-prfh", "PYSEC-2021-140" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1na8-nyq1-yfcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51028?format=api", "vulnerability_id": "VCID-32f4-khen-3yez", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75081", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75089", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75123", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75157", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75287", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75296", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948638", "reference_id": "1948638", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948638" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30159" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32f4-khen-3yez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10584?format=api", "vulnerability_id": "VCID-3s9f-prpy-hbcx", "summary": "Cross-site Scripting\nThe jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "reference_url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:1570", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2587", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3024", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.8299", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.82988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83012", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.8302", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83035", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83028", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01856", "scoring_system": "epss", "scoring_elements": "0.83024", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02362", "scoring_system": "epss", "scoring_elements": "0.84954", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02646", "scoring_system": "epss", "scoring_elements": "0.85754", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02646", "scoring_system": "epss", "scoring_elements": "0.85759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02717", "scoring_system": "epss", "scoring_elements": "0.8586", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02717", "scoring_system": "epss", "scoring_elements": "0.85871", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11358" }, { "reference_url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "reference_url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released" }, { "reference_url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "reference_url": "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f" }, { "reference_url": "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829" }, { "reference_url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad" }, { "reference_url": "https://github.com/jquery/jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery/jquery" }, { "reference_url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "reference_url": "https://github.com/jquery/jquery/pull/4333", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://github.com/jquery/jquery/pull/4333" }, { "reference_url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc" }, { "reference_url": "https://github.com/maximebf/php-debugbar/issues/447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/maximebf/php-debugbar/issues/447" }, { "reference_url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434" }, { "reference_url": "https://hackerone.com/reports/454365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/454365" }, { "reference_url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "reference_url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190919-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190919-0001" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "reference_url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1" }, { "reference_url": "https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4434", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4434" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases" }, { "reference_url": "https://www.drupal.org/sa-core-2019-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.drupal.org/sa-core-2019-006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": "https://www.tenable.com/security/tns-2019-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.tenable.com/security/tns-2019-08" }, { "reference_url": "https://www.tenable.com/security/tns-2020-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.tenable.com/security/tns-2020-02" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "reference_url": "http://www.securityfocus.com/bid/108023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "http://www.securityfocus.com/bid/108023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", "reference_id": "1701972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json", "reference_id": "496", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "reference_id": "4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "reference_id": "5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466", "reference_id": "927466", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466" }, { "reference_url": "https://security.archlinux.org/ASA-201906-2", "reference_id": "ASA-201906-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-2" }, { "reference_url": "https://security.archlinux.org/AVG-969", "reference_id": "AVG-969", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-969" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "reference_id": "CVE-2019-11358", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml", "reference_id": "CVE-2019-11358.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt", "reference_id": "CVE-2020-7656;CVE-2019-11358", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt" }, { "reference_url": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq", "reference_id": "GHSA-6c3j-c64m-qhgq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "reference_id": "KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { "reference_url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "reference_id": "mitigating-cve-2019-11358-in-old-versions-of-jquery", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "reference_id": "ntap-20190919-0001", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "reference_id": "QV3PKZC3PQCO3273HAT76PAQZFBEO4KP", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1325", "reference_id": "RHSA-2020:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2412", "reference_id": "RHSA-2020:2412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3936", "reference_id": "RHSA-2020:3936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4670", "reference_id": "RHSA-2020:4670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4847", "reference_id": "RHSA-2020:4847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5581", "reference_id": "RHSA-2020:5581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4142", "reference_id": "RHSA-2021:4142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7343", "reference_id": "RHSA-2022:7343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "reference_id": "RLXRX23725JL366CNZGJZ7AQQB7LHQ6F", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { "reference_url": "https://usn.ubuntu.com/7622-1/", "reference_id": "USN-7622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7622-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "reference_id": "WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-11358", "GHSA-6c3j-c64m-qhgq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3s9f-prpy-hbcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51030?format=api", "vulnerability_id": "VCID-4dfp-3qk9-j7fg", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72618", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72626", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.7266", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72673", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72669", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72711", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72723", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72714", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980308", "reference_id": "1980308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980308" }, { "reference_url": "https://security.archlinux.org/ASA-202107-7", "reference_id": "ASA-202107-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-7" }, { "reference_url": "https://security.archlinux.org/AVG-2093", "reference_id": "AVG-2093", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2093" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-35197" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dfp-3qk9-j7fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55617?format=api", "vulnerability_id": "VCID-4keq-jcfa-13hc", "summary": "Possible to circumvent title-blacklist\nMediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54605", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54625", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54502", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54608", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54626", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709" }, { "reference_url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19709", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19709" }, { "reference_url": "https://phabricator.wikimedia.org/T239466", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T239466" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/48", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/48" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4592", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4592" }, { "reference_url": "https://github.com/advisories/GHSA-pjv5-vv93-p648", "reference_id": "GHSA-pjv5-vv93-p648", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pjv5-vv93-p648" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-19709", "GHSA-pjv5-vv93-p648" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4keq-jcfa-13hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80690?format=api", "vulnerability_id": "VCID-7ar6-14bb-yfc5", "summary": "mediawiki: divergent behavior for contributions and user pages of hidden users and missing users", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56945", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5704", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57039", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5709", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57083", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57059", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57086", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5706", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909240", "reference_id": "1909240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909240" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35480" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ar6-14bb-yfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90959?format=api", "vulnerability_id": "VCID-7j54-uz1w-y3dn", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5935", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59281", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59332", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59345", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59364", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59362", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59369", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41801" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7j54-uz1w-y3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51024?format=api", "vulnerability_id": "VCID-7m3q-wuh7-k7fn", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74316", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74306", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78172", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78154", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78181", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78187", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78212", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78195", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01115", "scoring_system": "epss", "scoring_elements": "0.78133", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946690", "reference_id": "1946690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946690" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30154" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m3q-wuh7-k7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51026?format=api", "vulnerability_id": "VCID-8sqw-6aae-13f5", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72796", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72793", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00734", "scoring_system": "epss", "scoring_elements": "0.72804", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.76995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.7705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.76989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01006", "scoring_system": "epss", "scoring_elements": "0.77024", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946692", "reference_id": "1946692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946692" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30157" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqw-6aae-13f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31061?format=api", "vulnerability_id": "VCID-9nnu-4mda-7qg9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36653", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36698", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3662", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009507", "reference_id": "2009507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009507" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41798" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nnu-4mda-7qg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51027?format=api", "vulnerability_id": "VCID-ad34-frk5-kqds", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69775", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69784", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.69794", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69801", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69856", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69864", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69788", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69816", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946698", "reference_id": "1946698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946698" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30158" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad34-frk5-kqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59672?format=api", "vulnerability_id": "VCID-arzd-7xhw-qqb4", "summary": "OATHAuth extension in MediaWiki is not implementing rate limit\nAn issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46991", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47042", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46983", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47046", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4701", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46985", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827" }, { "reference_url": "https://phabricator.wikimedia.org/T251661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T251661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761", "reference_id": "1903761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761" }, { "reference_url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6", "reference_id": "GHSA-rqvj-fc2x-99q6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25827", "GHSA-rqvj-fc2x-99q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55634?format=api", "vulnerability_id": "VCID-at9r-vw7p-6bfv", "summary": "MediaWiki makeCollapsible allows applying event handler to any CSS selector\nIn MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10960.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43324", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43333", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43351", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43365", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43386", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43355", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43339", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43399", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43389", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43275", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10960" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10960", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10960" }, { "reference_url": "https://phabricator.wikimedia.org/T246602", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T246602" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826076", "reference_id": "1826076", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826076" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-pfm2-mqwj-ggm5", "reference_id": "GHSA-pfm2-mqwj-ggm5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pfm2-mqwj-ggm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2020-10960", "GHSA-pfm2-mqwj-ggm5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-at9r-vw7p-6bfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57632?format=api", "vulnerability_id": "VCID-azup-qzq7-sbh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href =\"javascript... that executes when clicked.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56468", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56464", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56507", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56437", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56339", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814" }, { "reference_url": "https://phabricator.wikimedia.org/T86738", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T86738" }, { "reference_url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774", "reference_id": "1903774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774" }, { "reference_url": "https://github.com/advisories/GHSA-4vr7-m8p8-434h", "reference_id": "GHSA-4vr7-m8p8-434h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vr7-m8p8-434h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25814", "GHSA-4vr7-m8p8-434h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55161?format=api", "vulnerability_id": "VCID-bbef-akjp-a3gp", "summary": "Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple\nWikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64506", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.6459", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64579", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64573", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64464", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64548", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64586", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.6457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64554", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473" }, { "reference_url": "https://phabricator.wikimedia.org/T204729", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T204729" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-33xw-x3pr-rvqj", "reference_id": "GHSA-33xw-x3pr-rvqj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33xw-x3pr-rvqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12473", "GHSA-33xw-x3pr-rvqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbef-akjp-a3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6290?format=api", "vulnerability_id": "VCID-brg4-rv29-1fgz", "summary": "In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86827", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86882", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86887", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86891", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86879", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.8687", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.8685", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86856", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03141", "scoring_system": "epss", "scoring_elements": "0.86837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.87436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.87433", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.034", "scoring_system": "epss", "scoring_elements": "0.8743", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce" }, { "reference_url": "https://github.com/advisories/GHSA-pq64-v7f5-gqh8", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pq64-v7f5-gqh8" }, { "reference_url": "https://github.com/pygments/pygments", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments" }, { "reference_url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27291" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4878", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4878" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4889" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940603", "reference_id": "1940603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940603" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574", "reference_id": "985574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574" }, { "reference_url": "https://security.archlinux.org/AVG-1662", "reference_id": "AVG-1662", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1662" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0781", "reference_id": "RHSA-2021:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3252", "reference_id": "RHSA-2021:3252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4139", "reference_id": "RHSA-2021:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4150", "reference_id": "RHSA-2021:4150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4151", "reference_id": "RHSA-2021:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4151" }, { "reference_url": "https://usn.ubuntu.com/4897-1/", "reference_id": "USN-4897-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-1/" }, { "reference_url": "https://usn.ubuntu.com/4897-2/", "reference_id": "USN-4897-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4897-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-27291", "GHSA-pq64-v7f5-gqh8", "PYSEC-2021-141" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brg4-rv29-1fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31062?format=api", "vulnerability_id": "VCID-c8zy-wsn9-63af", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50227", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50296", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50297", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50317", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50291", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50324", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50299", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009511", "reference_id": "2009511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009511" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41799" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zy-wsn9-63af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80689?format=api", "vulnerability_id": "VCID-d6kz-e82q-6kh3", "summary": "mediawiki: potential XSS via the month messages such as MediaWiki:january through MediaWiki:december outputting Block Logs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74971", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74974", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.7498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75025", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75046", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75015", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75051", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75059", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75048", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909237", "reference_id": "1909237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909237" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35479" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6kz-e82q-6kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56585?format=api", "vulnerability_id": "VCID-eud3-k24q-6ber", "summary": "Multiple vulnerabilities have been found in Firejail, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89064", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89073", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89088", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.8909", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89108", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89113", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.8912", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89118", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89132", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0449", "scoring_system": "epss", "scoring_elements": "0.89128", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://security.gentoo.org/glsa/202101-02", "reference_id": "GLSA-202101-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2020-17368" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eud3-k24q-6ber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80687?format=api", "vulnerability_id": "VCID-fwb3-kxy8-73hz", "summary": "mediawiki: unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64668", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.6472", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64748", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64754", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64769", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64785", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64795", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.64782", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909231", "reference_id": "1909231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909231" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35477" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwb3-kxy8-73hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55940?format=api", "vulnerability_id": "VCID-gma6-b9cy-kqee", "summary": "MediaWiki Incorrect Access Control vulnerability\nMediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53235", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53198", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53214", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53139", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53118", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53163", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53178", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53185", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467" }, { "reference_url": "https://phabricator.wikimedia.org/T209794", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T209794" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-6vfg-8ppv-h5hg", "reference_id": "GHSA-6vfg-8ppv-h5hg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vfg-8ppv-h5hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12467", "GHSA-6vfg-8ppv-h5hg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gma6-b9cy-kqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57902?format=api", "vulnerability_id": "VCID-h8jw-brz8-hkfn", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58937", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58938", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58881", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58817", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58913", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58892", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25812" }, { "reference_url": "https://phabricator.wikimedia.org/T255918", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T255918" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903767", "reference_id": "1903767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903767" }, { "reference_url": "https://github.com/advisories/GHSA-rj9p-8jxj-2ch4", "reference_id": "GHSA-rj9p-8jxj-2ch4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj9p-8jxj-2ch4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25812", "GHSA-rj9p-8jxj-2ch4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8jw-brz8-hkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80685?format=api", "vulnerability_id": "VCID-j1bz-4bex-4key", "summary": "mediawiki: messages userrights-expiry-current and userrights-expiry-none can contain raw html", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69172", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.6919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69266", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69238", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69277", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69285", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69265", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909224", "reference_id": "1909224", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909224" }, { "reference_url": "https://security.archlinux.org/ASA-202101-22", "reference_id": "ASA-202101-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-22" }, { "reference_url": "https://security.archlinux.org/AVG-1371", "reference_id": "AVG-1371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-35475" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1bz-4bex-4key" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51025?format=api", "vulnerability_id": "VCID-k1f5-msra-4kam", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5488", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54901", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63482", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63473", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63542", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63422", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63509", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948641", "reference_id": "1948641", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948641" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30155" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1f5-msra-4kam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57715?format=api", "vulnerability_id": "VCID-kjp3-cs2f-t7b4", "summary": "MediaWiki Cross-site Scripting (XSS)\nWikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58107", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58106", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58095", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58048", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.57963", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5807", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58102", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58099", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12471" }, { "reference_url": "https://phabricator.wikimedia.org/T207603", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T207603" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-2rm7-xxx8-35jh", "reference_id": "GHSA-2rm7-xxx8-35jh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rm7-xxx8-35jh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12471", "GHSA-2rm7-xxx8-35jh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjp3-cs2f-t7b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57414?format=api", "vulnerability_id": "VCID-pm5t-23j4-6yh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59703", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828" }, { "reference_url": "https://phabricator.wikimedia.org/T115888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T115888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776", "reference_id": "1903776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776" }, { "reference_url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934", "reference_id": "GHSA-h8qx-mj6v-2934", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25828", "GHSA-h8qx-mj6v-2934" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57500?format=api", "vulnerability_id": "VCID-qmx3-kcnd-zuhe", "summary": "Wikimedia MediaWiki Incorrect Access Control vulnerability\nAn Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66797", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66814", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66774", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66753", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66688", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.668", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66796", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.6681", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66789", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468" }, { "reference_url": "https://phabricator.wikimedia.org/T197279", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T197279" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-wrhx-3pxr-6vgg", "reference_id": "GHSA-wrhx-3pxr-6vgg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrhx-3pxr-6vgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12468", "GHSA-wrhx-3pxr-6vgg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmx3-kcnd-zuhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51023?format=api", "vulnerability_id": "VCID-rwtk-hep1-xfaw", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59101", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59121", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67036", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67041", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6701", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.66938", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67001", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948636", "reference_id": "1948636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948636" }, { "reference_url": "https://security.archlinux.org/AVG-1775", "reference_id": "AVG-1775", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1775" }, { "reference_url": "https://security.gentoo.org/glsa/202107-40", "reference_id": "GLSA-202107-40", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-30152" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwtk-hep1-xfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14728?format=api", "vulnerability_id": "VCID-sf61-byhw-17gv", "summary": "Mediawiki Improper Privilege Management\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59493", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59631", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59647", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59607", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59627", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59643", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59624", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T169545", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T169545" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634161", "reference_id": "1634161", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634161" }, { "reference_url": "https://security.archlinux.org/ASA-201809-5", "reference_id": "ASA-201809-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-5" }, { "reference_url": "https://security.archlinux.org/AVG-765", "reference_id": "AVG-765", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503", "reference_id": "CVE-2018-0503", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml", "reference_id": "CVE-2018-0503.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-mhfv-9h99-jwg7", "reference_id": "GHSA-mhfv-9h99-jwg7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhfv-9h99-jwg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2018-0503", "GHSA-mhfv-9h99-jwg7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sf61-byhw-17gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54640?format=api", "vulnerability_id": "VCID-t6w8-cgct-gbgz", "summary": "MediaWiki information disclosure\nIn MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61711", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61705", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61536", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61659", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.6164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.6161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61664", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61684", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61695", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61674", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16738", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16738" }, { "reference_url": "https://phabricator.wikimedia.org/T230402", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T230402" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Oct/32" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4545", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4545" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755762", "reference_id": "1755762", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755762" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-7hwr-f745-5rwq", "reference_id": "GHSA-7hwr-f745-5rwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7hwr-f745-5rwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-16738", "GHSA-7hwr-f745-5rwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6w8-cgct-gbgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55130?format=api", "vulnerability_id": "VCID-tq2e-c9ym-a3hj", "summary": "Wikimedia information leak vulnerability\nWikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49391", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49445", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49475", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49478", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49432", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49411", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49382", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49438", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49458", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49446", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474" }, { "reference_url": "https://phabricator.wikimedia.org/T212118", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T212118" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-2qrr-c2gh-pr35", "reference_id": "GHSA-2qrr-c2gh-pr35", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qrr-c2gh-pr35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12474", "GHSA-2qrr-c2gh-pr35" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tq2e-c9ym-a3hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55371?format=api", "vulnerability_id": "VCID-u2xc-ztge-p3bv", "summary": "MediaWiki Incorrect Access Control vulnerability\nAn Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35707", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35905", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35765", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35816", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35845", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35782", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35821", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35809", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472" }, { "reference_url": "https://phabricator.wikimedia.org/T199540", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T199540" }, { "reference_url": "https://github.com/advisories/GHSA-7mqg-5fgh-xh4r", "reference_id": "GHSA-7mqg-5fgh-xh4r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mqg-5fgh-xh4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12472", "GHSA-7mqg-5fgh-xh4r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xc-ztge-p3bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55339?format=api", "vulnerability_id": "VCID-ujdn-y48t-pbch", "summary": "MediaWiki Special:UserRights exposes the existence of hidden users\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58639", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5864", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58595", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58489", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58616", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://meta.wikimedia.org/wiki/Special:UserRights", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://meta.wikimedia.org/wiki/Special:UserRights" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813" }, { "reference_url": "https://phabricator.wikimedia.org/T232568", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T232568" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764", "reference_id": "1903764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764" }, { "reference_url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj", "reference_id": "GHSA-c4rj-wrmq-52rj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2020-25813", "GHSA-c4rj-wrmq-52rj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56584?format=api", "vulnerability_id": "VCID-uzv4-9xtx-ryhr", "summary": "Multiple vulnerabilities have been found in Firejail, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33197", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33324", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33356", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33189", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33232", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.3327", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33229", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33206", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33246", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33223", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33186", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://security.gentoo.org/glsa/202101-02", "reference_id": "GLSA-202101-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2020-17367" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzv4-9xtx-ryhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14512?format=api", "vulnerability_id": "VCID-v27j-4pnt-n7h9", "summary": "Mediawiki BotPassword can bypass CentralAuth's account lock\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62309", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6245", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62466", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6246", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62437", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62411", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62362", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62397", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62367", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62447", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62428", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T194605", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T194605" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634166", "reference_id": "1634166", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634166" }, { "reference_url": "https://security.archlinux.org/ASA-201809-5", "reference_id": "ASA-201809-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-5" }, { "reference_url": "https://security.archlinux.org/AVG-765", "reference_id": "AVG-765", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505", "reference_id": "CVE-2018-0505", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml", "reference_id": "CVE-2018-0505.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-5c6w-f4w2-2grp", "reference_id": "GHSA-5c6w-f4w2-2grp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5c6w-f4w2-2grp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2018-0505", "GHSA-5c6w-f4w2-2grp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v27j-4pnt-n7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14846?format=api", "vulnerability_id": "VCID-w3f8-nrqd-p7gq", "summary": "Mediawiki information disclosure vulnerability\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81353", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81702", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81805", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.8176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81733", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81736", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81713", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81804", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81767", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81772", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81784", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81765", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T187638", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T187638" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634168", "reference_id": "1634168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634168" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504", "reference_id": "CVE-2018-0504", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml", "reference_id": "CVE-2018-0504.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hr8v-f4g2-p66f", "reference_id": "GHSA-hr8v-f4g2-p66f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hr8v-f4g2-p66f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2018-0504", "GHSA-hr8v-f4g2-p66f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3f8-nrqd-p7gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55233?format=api", "vulnerability_id": "VCID-yr8d-347g-pugg", "summary": "Wikimedia MediaWik exposed suppressed log in RevisionDelete page\nWikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.3805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37936", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38018", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38007", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38074", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37889", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37973", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37998", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38034", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38017", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470" }, { "reference_url": "https://phabricator.wikimedia.org/T222038", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T222038" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-733q-m38x-q7cc", "reference_id": "GHSA-733q-m38x-q7cc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-733q-m38x-q7cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036905?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sf61-byhw-17gv" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-v27j-4pnt-n7h9" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w3f8-nrqd-p7gq" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.7-1~deb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-12470", "GHSA-733q-m38x-q7cc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yr8d-347g-pugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31063?format=api", "vulnerability_id": "VCID-z9d9-aer5-gfa9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3925", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39342", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39337", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39164", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39359", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800" }, { "reference_url": "https://phabricator.wikimedia.org/T284419", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T284419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517", "reference_id": "2009517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73", "reference_id": "GHSA-c8wv-qwwc-6j73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026190?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-zmax-894d-5kfd" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41800", "GHSA-c8wv-qwwc-6j73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59788?format=api", "vulnerability_id": "VCID-zgdf-mxfn-gbea", "summary": "img_auth.php may leak private extension images into the public cache\nIn MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72868", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72768", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72796", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72773", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72811", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72825", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72833", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72824", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72866", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72876", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005" }, { "reference_url": "https://phabricator.wikimedia.org/T248947", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T248947" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4767", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026", "reference_id": "1851026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026" }, { "reference_url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv", "reference_id": "GHSA-xpv7-93cm-4mxv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037792?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.31.16-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1na8-nyq1-yfcy" }, { "vulnerability": "VCID-2wcb-hty6-uyez" }, { "vulnerability": "VCID-2xja-2whv-fqe4" }, { "vulnerability": "VCID-32f4-khen-3yez" }, { "vulnerability": "VCID-3zue-5ccg-23hs" }, { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4dfp-3qk9-j7fg" }, { "vulnerability": "VCID-4yhr-jjt9-afaq" }, { "vulnerability": "VCID-5myd-ngfx-5qhb" }, { "vulnerability": "VCID-674z-nf4t-b7ez" }, { "vulnerability": "VCID-6ads-gs3n-dubh" }, { "vulnerability": "VCID-73p6-esc6-tydd" }, { "vulnerability": "VCID-74ej-8sna-jyek" }, { "vulnerability": "VCID-7ar6-14bb-yfc5" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-7j54-uz1w-y3dn" }, { "vulnerability": "VCID-7m3q-wuh7-k7fn" }, { "vulnerability": "VCID-7wh4-say2-pqap" }, { "vulnerability": "VCID-812q-n5hg-u7dx" }, { "vulnerability": "VCID-8sqw-6aae-13f5" }, { "vulnerability": "VCID-8uw8-ja3w-r3da" }, { "vulnerability": "VCID-92hf-r3sb-jbhy" }, { "vulnerability": "VCID-9346-9aaj-fkfw" }, { "vulnerability": "VCID-95d1-mkm6-r3cq" }, { "vulnerability": "VCID-9exs-x5s1-4bhg" }, { "vulnerability": "VCID-9g1g-z7d8-c7ah" }, { "vulnerability": "VCID-9nnu-4mda-7qg9" }, { "vulnerability": "VCID-9xyz-wzr8-wqhz" }, { "vulnerability": "VCID-a8nh-mvhd-bka7" }, { "vulnerability": "VCID-ad34-frk5-kqds" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-av7r-cpew-xkcn" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-b5ke-cjtq-q3ev" }, { "vulnerability": "VCID-b8r6-r39r-3ffm" }, { "vulnerability": "VCID-brg4-rv29-1fgz" }, { "vulnerability": "VCID-c8zy-wsn9-63af" }, { "vulnerability": "VCID-ckkj-z5nq-akhb" }, { "vulnerability": "VCID-d6kz-e82q-6kh3" }, { "vulnerability": "VCID-den1-257q-euc9" }, { "vulnerability": "VCID-e8np-4nbw-t3b3" }, { "vulnerability": "VCID-ea7c-xk4h-13fs" }, { "vulnerability": "VCID-eefm-65rj-pyg2" }, { "vulnerability": "VCID-fnzm-dxb3-v7hr" }, { "vulnerability": "VCID-fptt-2t1j-8fec" }, { "vulnerability": "VCID-fwb3-kxy8-73hz" }, { "vulnerability": "VCID-h3d2-nr9e-nqbk" }, { "vulnerability": "VCID-h789-pcxv-kbgd" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-j1bz-4bex-4key" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-jwkd-wdus-6ygg" }, { "vulnerability": "VCID-k1f5-msra-4kam" }, { "vulnerability": "VCID-k7qb-7hbj-1qc2" }, { "vulnerability": "VCID-m1j5-3ecf-dffj" }, { "vulnerability": "VCID-m1xy-yucr-dqfs" }, { "vulnerability": "VCID-m7uw-sa5j-u3bw" }, { "vulnerability": "VCID-mbs4-gs37-1fh5" }, { "vulnerability": "VCID-nwsr-ruca-2kha" }, { "vulnerability": "VCID-pm3s-z5ap-qqay" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-pw9d-1cwb-tyb9" }, { "vulnerability": "VCID-pwjk-pzpj-aff6" }, { "vulnerability": "VCID-qjhk-97j6-2qfm" }, { "vulnerability": "VCID-qpgu-mg6m-vyef" }, { "vulnerability": "VCID-qqvd-cjs3-7kab" }, { "vulnerability": "VCID-qwcp-5hh8-z3gp" }, { "vulnerability": "VCID-ruur-4cvx-cqct" }, { "vulnerability": "VCID-rwtk-hep1-xfaw" }, { "vulnerability": "VCID-rz65-w7x5-57hu" }, { "vulnerability": "VCID-sc5s-s7vg-dygq" }, { "vulnerability": "VCID-sca5-n7rz-rffq" }, { "vulnerability": "VCID-sr9a-a6vt-1qgt" }, { "vulnerability": "VCID-tutk-y8jg-n7dh" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-v3dp-7stt-tygf" }, { "vulnerability": "VCID-vjd5-jv5h-yfhw" }, { "vulnerability": "VCID-w51y-hprj-buap" }, { "vulnerability": "VCID-wraf-59ce-u3br" }, { "vulnerability": "VCID-wzqf-k99e-vbeu" }, { "vulnerability": "VCID-xtd9-wbd9-67ew" }, { "vulnerability": "VCID-yakw-r8bh-5bde" }, { "vulnerability": "VCID-z3qw-4ejj-uffj" }, { "vulnerability": "VCID-z8qp-v64u-tuh8" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zj5a-p9u4-ducw" }, { "vulnerability": "VCID-ztxx-cc2c-87at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" } ], "aliases": [ "CVE-2020-15005", "GHSA-xpv7-93cm-4mxv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgdf-mxfn-gbea" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.16-1%252Bdeb10u2" }