| 0 |
| url |
VCID-1697-p35n-fber |
| vulnerability_id |
VCID-1697-p35n-fber |
| summary |
Wikimedia MediaWiki allows CSRF
Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12466 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39621 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39524 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39608 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39615 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.3956 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39644 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39472 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39637 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39602 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39639 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39629 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12466 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12466, GHSA-27fw-r78j-h898
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1697-p35n-fber |
|
| 1 |
| url |
VCID-1866-gt2g-1qfv |
| vulnerability_id |
VCID-1866-gt2g-1qfv |
| summary |
MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12469 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.35983 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36026 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36093 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36092 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36042 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36207 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36178 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36052 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36078 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36116 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.3611 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12469 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12469, GHSA-x3fr-w7r5-x7rg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1866-gt2g-1qfv |
|
| 2 |
| url |
VCID-7eba-7gsc-hbfg |
| vulnerability_id |
VCID-7eba-7gsc-hbfg |
| summary |
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29141 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48447 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48449 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48509 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48459 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48473 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48426 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48448 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48401 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48455 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52609 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52594 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29141 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29141, GHSA-5vj8-g3qg-4qh6
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg |
|
| 3 |
| url |
VCID-9qyu-z71g-1qbq |
| vulnerability_id |
VCID-9qyu-z71g-1qbq |
| summary |
MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10959 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50738 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50757 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50752 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50727 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.5075 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50701 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50712 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50657 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50675 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50622 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50708 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10959 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-10959, GHSA-mqhw-wq8p-vf5r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyu-z71g-1qbq |
|
| 4 |
| url |
VCID-bbef-akjp-a3gp |
| vulnerability_id |
VCID-bbef-akjp-a3gp |
| summary |
Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64506 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64576 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.6459 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64579 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64545 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64573 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64518 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64464 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64548 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64586 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.6457 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64554 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12473 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12473, GHSA-33xw-x3pr-rvqj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bbef-akjp-a3gp |
|
| 5 |
| url |
VCID-gma6-b9cy-kqee |
| vulnerability_id |
VCID-gma6-b9cy-kqee |
| summary |
MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12467 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53131 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53224 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53241 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53235 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53198 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53214 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53139 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53118 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53163 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53229 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53178 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53185 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12467 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12467, GHSA-6vfg-8ppv-h5hg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gma6-b9cy-kqee |
|
| 6 |
| url |
VCID-jm7q-2w3j-buhh |
| vulnerability_id |
VCID-jm7q-2w3j-buhh |
| summary |
MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-45363 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93415 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93464 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93458 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93407 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93452 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93433 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93432 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93427 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93424 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-45363 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/wikimedia/mediawiki |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/wikimedia/mediawiki |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://phabricator.wikimedia.org/T333050 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/ |
|
|
| url |
https://phabricator.wikimedia.org/T333050 |
|
| 9 |
| reference_url |
https://www.debian.org/security/2023/dsa-5520 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/ |
|
|
| url |
https://www.debian.org/security/2023/dsa-5520 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-45363, GHSA-w5fx-cx7f-6vr9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh |
|
| 7 |
| url |
VCID-kjp3-cs2f-t7b4 |
| vulnerability_id |
VCID-kjp3-cs2f-t7b4 |
| summary |
MediaWiki Cross-site Scripting (XSS)
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12471 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58044 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58082 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58107 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58106 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58075 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58095 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58048 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.57963 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.5807 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58118 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58102 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00359 |
| scoring_system |
epss |
| scoring_elements |
0.58099 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12471 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12471, GHSA-2rm7-xxx8-35jh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kjp3-cs2f-t7b4 |
|
| 8 |
| url |
VCID-qmx3-kcnd-zuhe |
| vulnerability_id |
VCID-qmx3-kcnd-zuhe |
| summary |
Wikimedia MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12468 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66728 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66797 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66814 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66774 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66725 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66753 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66688 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.668 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66766 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66796 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.6681 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66789 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12468 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12468, GHSA-wrhx-3pxr-6vgg
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmx3-kcnd-zuhe |
|
| 9 |
| url |
VCID-sf61-byhw-17gv |
| vulnerability_id |
VCID-sf61-byhw-17gv |
| summary |
Mediawiki Improper Privilege Management
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0503 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59493 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59631 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59647 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.5964 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59607 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59627 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59611 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.5956 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59591 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59566 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59643 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59624 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0503 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mediawiki/core@1.27.5 |
| purl |
pkg:composer/mediawiki/core@1.27.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 3 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 4 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 5 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 6 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 7 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 8 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 9 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 10 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 11 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 12 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 13 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/mediawiki/core@1.30.1 |
| purl |
pkg:composer/mediawiki/core@1.30.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 3 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 4 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 5 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 6 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 7 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 8 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 9 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 10 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 11 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 12 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 13 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1 |
|
| 3 |
| url |
pkg:composer/mediawiki/core@1.31.1 |
| purl |
pkg:composer/mediawiki/core@1.31.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-4keq-jcfa-13hc |
|
| 3 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 4 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 5 |
| vulnerability |
VCID-arzd-7xhw-qqb4 |
|
| 6 |
| vulnerability |
VCID-azup-qzq7-sbh6 |
|
| 7 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 8 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 9 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 10 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 11 |
| vulnerability |
VCID-pm5t-23j4-6yh6 |
|
| 12 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 13 |
| vulnerability |
VCID-t6w8-cgct-gbgz |
|
| 14 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 15 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 16 |
| vulnerability |
VCID-ujdn-y48t-pbch |
|
| 17 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 18 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 19 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1 |
|
|
| aliases |
CVE-2018-0503, GHSA-mhfv-9h99-jwg7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sf61-byhw-17gv |
|
| 10 |
| url |
VCID-tq2e-c9ym-a3hj |
| vulnerability_id |
VCID-tq2e-c9ym-a3hj |
| summary |
Wikimedia information leak vulnerability
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12474 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49391 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49445 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49475 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49478 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49432 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.4943 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49411 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49382 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49438 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49458 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49441 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49446 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12474 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12474, GHSA-2qrr-c2gh-pr35
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tq2e-c9ym-a3hj |
|
| 11 |
| url |
VCID-u2xc-ztge-p3bv |
| vulnerability_id |
VCID-u2xc-ztge-p3bv |
| summary |
MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12472 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.3576 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35905 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35935 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35765 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35816 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35838 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35845 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35805 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35782 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35821 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35809 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12472 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12472, GHSA-7mqg-5fgh-xh4r
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xc-ztge-p3bv |
|
| 12 |
| url |
VCID-v27j-4pnt-n7h9 |
| vulnerability_id |
VCID-v27j-4pnt-n7h9 |
| summary |
Mediawiki BotPassword can bypass CentralAuth's account lock
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0505 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62309 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.6245 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62466 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.6246 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62415 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62437 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62411 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62362 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62397 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62367 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62447 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62428 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0505 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mediawiki/core@1.27.5 |
| purl |
pkg:composer/mediawiki/core@1.27.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 3 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 4 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 5 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 6 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 7 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 8 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 9 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 10 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 11 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 12 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 13 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/mediawiki/core@1.30.1 |
| purl |
pkg:composer/mediawiki/core@1.30.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 3 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 4 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 5 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 6 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 7 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 8 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 9 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 10 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 11 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 12 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 13 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1 |
|
| 3 |
| url |
pkg:composer/mediawiki/core@1.31.1 |
| purl |
pkg:composer/mediawiki/core@1.31.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-4keq-jcfa-13hc |
|
| 3 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 4 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 5 |
| vulnerability |
VCID-arzd-7xhw-qqb4 |
|
| 6 |
| vulnerability |
VCID-azup-qzq7-sbh6 |
|
| 7 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 8 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 9 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 10 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 11 |
| vulnerability |
VCID-pm5t-23j4-6yh6 |
|
| 12 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 13 |
| vulnerability |
VCID-t6w8-cgct-gbgz |
|
| 14 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 15 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 16 |
| vulnerability |
VCID-ujdn-y48t-pbch |
|
| 17 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 18 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 19 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1 |
|
|
| aliases |
CVE-2018-0505, GHSA-5c6w-f4w2-2grp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v27j-4pnt-n7h9 |
|
| 13 |
| url |
VCID-w3f8-nrqd-p7gq |
| vulnerability_id |
VCID-w3f8-nrqd-p7gq |
| summary |
Mediawiki information disclosure vulnerability
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0504 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01531 |
| scoring_system |
epss |
| scoring_elements |
0.81353 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81702 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81805 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.8176 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81733 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81736 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81713 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81804 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81767 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81772 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81784 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.01612 |
| scoring_system |
epss |
| scoring_elements |
0.81765 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-0504 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mediawiki/core@1.27.5 |
| purl |
pkg:composer/mediawiki/core@1.27.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 3 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 4 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 5 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 6 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 7 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 8 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 9 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 10 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 11 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 12 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 13 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/mediawiki/core@1.30.1 |
| purl |
pkg:composer/mediawiki/core@1.30.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 3 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 4 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 5 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 6 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 7 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 8 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 9 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 10 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 11 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 12 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 13 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1 |
|
| 3 |
| url |
pkg:composer/mediawiki/core@1.31.1 |
| purl |
pkg:composer/mediawiki/core@1.31.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1697-p35n-fber |
|
| 1 |
| vulnerability |
VCID-1866-gt2g-1qfv |
|
| 2 |
| vulnerability |
VCID-4keq-jcfa-13hc |
|
| 3 |
| vulnerability |
VCID-7eba-7gsc-hbfg |
|
| 4 |
| vulnerability |
VCID-9qyu-z71g-1qbq |
|
| 5 |
| vulnerability |
VCID-arzd-7xhw-qqb4 |
|
| 6 |
| vulnerability |
VCID-azup-qzq7-sbh6 |
|
| 7 |
| vulnerability |
VCID-bbef-akjp-a3gp |
|
| 8 |
| vulnerability |
VCID-gma6-b9cy-kqee |
|
| 9 |
| vulnerability |
VCID-jm7q-2w3j-buhh |
|
| 10 |
| vulnerability |
VCID-kjp3-cs2f-t7b4 |
|
| 11 |
| vulnerability |
VCID-pm5t-23j4-6yh6 |
|
| 12 |
| vulnerability |
VCID-qmx3-kcnd-zuhe |
|
| 13 |
| vulnerability |
VCID-t6w8-cgct-gbgz |
|
| 14 |
| vulnerability |
VCID-tq2e-c9ym-a3hj |
|
| 15 |
| vulnerability |
VCID-u2xc-ztge-p3bv |
|
| 16 |
| vulnerability |
VCID-ujdn-y48t-pbch |
|
| 17 |
| vulnerability |
VCID-yr8d-347g-pugg |
|
| 18 |
| vulnerability |
VCID-z9d9-aer5-gfa9 |
|
| 19 |
| vulnerability |
VCID-zgdf-mxfn-gbea |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1 |
|
|
| aliases |
CVE-2018-0504, GHSA-hr8v-f4g2-p66f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w3f8-nrqd-p7gq |
|
| 14 |
| url |
VCID-yr8d-347g-pugg |
| vulnerability_id |
VCID-yr8d-347g-pugg |
| summary |
Wikimedia MediaWik exposed suppressed log in RevisionDelete page
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12470 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.3805 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37936 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38018 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38007 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37956 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38074 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37889 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37973 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37998 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38034 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38017 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12470 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12470, GHSA-733q-m38x-q7cc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yr8d-347g-pugg |
|
| 15 |
| url |
VCID-z9d9-aer5-gfa9 |
| vulnerability_id |
VCID-z9d9-aer5-gfa9 |
| summary |
Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41800 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3925 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39342 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39337 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39365 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39313 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39331 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39164 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39371 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3935 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39374 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39287 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39359 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41800 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41800, GHSA-c8wv-qwwc-6j73
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9 |
|
| 16 |
| url |
VCID-zgdf-mxfn-gbea |
| vulnerability_id |
VCID-zgdf-mxfn-gbea |
| summary |
img_auth.php may leak private extension images into the public cache
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15005 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72868 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72768 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72776 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72796 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72773 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72811 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72825 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.7285 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72833 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72824 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72866 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72876 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15005 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-15005, GHSA-xpv7-93cm-4mxv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zgdf-mxfn-gbea |
|