Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/mediawiki/core@1.31.9
Typecomposer
Namespacemediawiki
Namecore
Version1.31.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.35.12
Latest_non_vulnerable_version1.40.1
Affected_by_vulnerabilities
0
url VCID-7fnd-1drh-rfcq
vulnerability_id VCID-7fnd-1drh-rfcq
summary resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10959
reference_id
reference_type
scores
0
value 0.00273
scoring_system epss
scoring_elements 0.50898
published_at 2026-06-08T12:55:00Z
1
value 0.00273
scoring_system epss
scoring_elements 0.50882
published_at 2026-06-04T12:55:00Z
2
value 0.00273
scoring_system epss
scoring_elements 0.50928
published_at 2026-06-07T12:55:00Z
3
value 0.00273
scoring_system epss
scoring_elements 0.50949
published_at 2026-06-06T12:55:00Z
4
value 0.00273
scoring_system epss
scoring_elements 0.50944
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10959
2
reference_url https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml
4
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
5
reference_url https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10959
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10959
7
reference_url https://phabricator.wikimedia.org/T232932
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T232932
8
reference_url https://phabricator.wikimedia.org/T240393
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T240393
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1826079
reference_id 1826079
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1826079
10
reference_url https://github.com/advisories/GHSA-mqhw-wq8p-vf5r
reference_id GHSA-mqhw-wq8p-vf5r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqhw-wq8p-vf5r
fixed_packages
0
url pkg:composer/mediawiki/core@1.34.0-rc.0
purl pkg:composer/mediawiki/core@1.34.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5m1h-d3k7-wbd4
1
vulnerability VCID-dsh9-aupc-6kce
2
vulnerability VCID-er5f-3bhf-b7fy
3
vulnerability VCID-najx-n63u-tqf5
4
vulnerability VCID-p39b-8e53-tfgj
5
vulnerability VCID-q1rw-mxdb-gbe7
6
vulnerability VCID-wte4-8b73-p3hw
7
vulnerability VCID-x8p9-z9ze-n7ac
8
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0-rc.0
aliases CVE-2020-10959, GHSA-mqhw-wq8p-vf5r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7fnd-1drh-rfcq
1
url VCID-najx-n63u-tqf5
vulnerability_id VCID-najx-n63u-tqf5
summary 
MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45363
reference_id
reference_type
scores
0
value 0.11025
scoring_system epss
scoring_elements 0.93582
published_at 2026-06-08T12:55:00Z
1
value 0.11025
scoring_system epss
scoring_elements 0.93584
published_at 2026-06-05T12:55:00Z
2
value 0.11025
scoring_system epss
scoring_elements 0.93585
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
5
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
6
reference_url https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8
7
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
8
reference_url https://phabricator.wikimedia.org/T333050
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://phabricator.wikimedia.org/T333050
9
reference_url https://www.debian.org/security/2023/dsa-5520
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://www.debian.org/security/2023/dsa-5520
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45363
reference_id CVE-2023-45363
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45363
11
reference_url https://github.com/advisories/GHSA-w5fx-cx7f-6vr9
reference_id GHSA-w5fx-cx7f-6vr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w5fx-cx7f-6vr9
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.12
purl pkg:composer/mediawiki/core@1.35.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12
1
url pkg:composer/mediawiki/core@1.39.5
purl pkg:composer/mediawiki/core@1.39.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5
2
url pkg:composer/mediawiki/core@1.40.1
purl pkg:composer/mediawiki/core@1.40.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1
aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-najx-n63u-tqf5
2
url VCID-wte4-8b73-p3hw
vulnerability_id VCID-wte4-8b73-p3hw
summary 
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29141
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52843
published_at 2026-06-08T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.52881
published_at 2026-06-05T12:55:00Z
2
value 0.00292
scoring_system epss
scoring_elements 0.52887
published_at 2026-06-06T12:55:00Z
3
value 0.00292
scoring_system epss
scoring_elements 0.52868
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29141
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
5
reference_url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
6
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
7
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
10
reference_url https://phabricator.wikimedia.org/T285159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://phabricator.wikimedia.org/T285159
11
reference_url https://www.debian.org/security/2023/dsa-5447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://www.debian.org/security/2023/dsa-5447
12
reference_url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
13
reference_url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
14
reference_url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183627
reference_id 2183627
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183627
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
reference_id CVE-2023-29141
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
17
reference_url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
reference_id GHSA-5vj8-g3qg-4qh6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
reference_id ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
reference_id ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.10
purl pkg:composer/mediawiki/core@1.35.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10
1
url pkg:composer/mediawiki/core@1.38.6
purl pkg:composer/mediawiki/core@1.38.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6
2
url pkg:composer/mediawiki/core@1.39.3
purl pkg:composer/mediawiki/core@1.39.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3
aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wte4-8b73-p3hw
3
url VCID-xxzh-tyxs-6ugj
vulnerability_id VCID-xxzh-tyxs-6ugj
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41800
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.72208
published_at 2026-06-06T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.72174
published_at 2026-06-08T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.72187
published_at 2026-06-07T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.7216
published_at 2026-06-04T12:55:00Z
4
value 0.00689
scoring_system epss
scoring_elements 0.72201
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41800
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
7
reference_url https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
14
reference_url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5
15
reference_url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41800
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41800
17
reference_url https://phabricator.wikimedia.org/T284419
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T284419
18
reference_url https://security.gentoo.org/glsa/202305-24
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-24
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id 2009517
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2009517
20
reference_url https://security.archlinux.org/AVG-2434
reference_id AVG-2434
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2434
21
reference_url https://github.com/advisories/GHSA-c8wv-qwwc-6j73
reference_id GHSA-c8wv-qwwc-6j73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8wv-qwwc-6j73
fixed_packages
0
url pkg:composer/mediawiki/core@1.36.2
purl pkg:composer/mediawiki/core@1.36.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2
aliases CVE-2021-41800, GHSA-c8wv-qwwc-6j73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxzh-tyxs-6ugj
Fixing_vulnerabilities
0
url VCID-dsh9-aupc-6kce
vulnerability_id VCID-dsh9-aupc-6kce
summary An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25827
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.47205
published_at 2026-06-06T12:55:00Z
1
value 0.00239
scoring_system epss
scoring_elements 0.47156
published_at 2026-06-08T12:55:00Z
2
value 0.00239
scoring_system epss
scoring_elements 0.47186
published_at 2026-06-07T12:55:00Z
3
value 0.00239
scoring_system epss
scoring_elements 0.47138
published_at 2026-06-04T12:55:00Z
4
value 0.00239
scoring_system epss
scoring_elements 0.47202
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25827
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25827
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25827
17
reference_url https://phabricator.wikimedia.org/T251661
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T251661
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903761
reference_id 1903761
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903761
19
reference_url https://github.com/advisories/GHSA-rqvj-fc2x-99q6
reference_id GHSA-rqvj-fc2x-99q6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqvj-fc2x-99q6
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7fnd-1drh-rfcq
1
vulnerability VCID-najx-n63u-tqf5
2
vulnerability VCID-wte4-8b73-p3hw
3
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
1
vulnerability VCID-wte4-8b73-p3hw
2
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
aliases CVE-2020-25827, GHSA-rqvj-fc2x-99q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsh9-aupc-6kce
1
url VCID-p39b-8e53-tfgj
vulnerability_id VCID-p39b-8e53-tfgj
summary In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25814
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56736
published_at 2026-06-08T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56703
published_at 2026-06-04T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.56762
published_at 2026-06-06T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56755
published_at 2026-06-05T12:55:00Z
4
value 0.00336
scoring_system epss
scoring_elements 0.5675
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25814
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25814
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25814
16
reference_url https://phabricator.wikimedia.org/T86738
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T86738
17
reference_url https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903774
reference_id 1903774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903774
19
reference_url https://github.com/advisories/GHSA-4vr7-m8p8-434h
reference_id GHSA-4vr7-m8p8-434h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vr7-m8p8-434h
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7fnd-1drh-rfcq
1
vulnerability VCID-najx-n63u-tqf5
2
vulnerability VCID-wte4-8b73-p3hw
3
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
1
vulnerability VCID-wte4-8b73-p3hw
2
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
2
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
1
vulnerability VCID-wte4-8b73-p3hw
2
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25814, GHSA-4vr7-m8p8-434h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p39b-8e53-tfgj
2
url VCID-q1rw-mxdb-gbe7
vulnerability_id VCID-q1rw-mxdb-gbe7
summary In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25813
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58942
published_at 2026-06-06T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58889
published_at 2026-06-04T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58918
published_at 2026-06-08T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58934
published_at 2026-06-07T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58936
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25813
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://meta.wikimedia.org/wiki/Special:UserRights
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://meta.wikimedia.org/wiki/Special:UserRights
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25813
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25813
18
reference_url https://phabricator.wikimedia.org/T232568
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T232568
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903764
reference_id 1903764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903764
20
reference_url https://github.com/advisories/GHSA-c4rj-wrmq-52rj
reference_id GHSA-c4rj-wrmq-52rj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4rj-wrmq-52rj
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7fnd-1drh-rfcq
1
vulnerability VCID-najx-n63u-tqf5
2
vulnerability VCID-wte4-8b73-p3hw
3
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
1
vulnerability VCID-wte4-8b73-p3hw
2
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
aliases CVE-2020-25813, GHSA-c4rj-wrmq-52rj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q1rw-mxdb-gbe7
3
url VCID-x8p9-z9ze-n7ac
vulnerability_id VCID-x8p9-z9ze-n7ac
summary An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25828
reference_id
reference_type
scores
0
value 0.00387
scoring_system epss
scoring_elements 0.60149
published_at 2026-06-08T12:55:00Z
1
value 0.00387
scoring_system epss
scoring_elements 0.60129
published_at 2026-06-04T12:55:00Z
2
value 0.00387
scoring_system epss
scoring_elements 0.60179
published_at 2026-06-06T12:55:00Z
3
value 0.00387
scoring_system epss
scoring_elements 0.60176
published_at 2026-06-05T12:55:00Z
4
value 0.00387
scoring_system epss
scoring_elements 0.60166
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25828
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.wikimedia.org/pipermail/mediawiki-announce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-announce
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25828
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25828
17
reference_url https://phabricator.wikimedia.org/T115888
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T115888
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903776
reference_id 1903776
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903776
19
reference_url https://github.com/advisories/GHSA-h8qx-mj6v-2934
reference_id GHSA-h8qx-mj6v-2934
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h8qx-mj6v-2934
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7fnd-1drh-rfcq
1
vulnerability VCID-najx-n63u-tqf5
2
vulnerability VCID-wte4-8b73-p3hw
3
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
1
vulnerability VCID-wte4-8b73-p3hw
2
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
2
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-najx-n63u-tqf5
1
vulnerability VCID-wte4-8b73-p3hw
2
vulnerability VCID-xxzh-tyxs-6ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25828, GHSA-h8qx-mj6v-2934
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8p9-z9ze-n7ac
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9