Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/mediawiki/core@1.35.0-rc.1
Typecomposer
Namespacemediawiki
Namecore
Version1.35.0-rc.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.35.12
Latest_non_vulnerable_version1.40.1
Affected_by_vulnerabilities
0
url VCID-424y-cjxg-c7az
vulnerability_id VCID-424y-cjxg-c7az
summary 
MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25815
reference_id
reference_type
scores
0
value 0.00387
scoring_system epss
scoring_elements 0.5985
published_at 2026-04-21T12:55:00Z
1
value 0.00387
scoring_system epss
scoring_elements 0.59866
published_at 2026-04-18T12:55:00Z
2
value 0.00387
scoring_system epss
scoring_elements 0.59859
published_at 2026-04-16T12:55:00Z
3
value 0.00387
scoring_system epss
scoring_elements 0.59839
published_at 2026-04-12T12:55:00Z
4
value 0.00387
scoring_system epss
scoring_elements 0.59856
published_at 2026-04-11T12:55:00Z
5
value 0.00387
scoring_system epss
scoring_elements 0.59835
published_at 2026-04-09T12:55:00Z
6
value 0.00387
scoring_system epss
scoring_elements 0.59822
published_at 2026-04-13T12:55:00Z
7
value 0.00387
scoring_system epss
scoring_elements 0.59801
published_at 2026-04-04T12:55:00Z
8
value 0.00387
scoring_system epss
scoring_elements 0.5977
published_at 2026-04-07T12:55:00Z
9
value 0.00387
scoring_system epss
scoring_elements 0.59777
published_at 2026-04-02T12:55:00Z
10
value 0.00387
scoring_system epss
scoring_elements 0.59703
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815
3
reference_url https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml
5
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
7
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
8
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25815
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25815
10
reference_url https://phabricator.wikimedia.org/T256171
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T256171
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903759
reference_id 1903759
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903759
12
reference_url https://github.com/advisories/GHSA-2f58-vf6g-6p8x
reference_id GHSA-2f58-vf6g-6p8x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2f58-vf6g-6p8x
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25815, GHSA-2f58-vf6g-6p8x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-424y-cjxg-c7az
1
url VCID-7eba-7gsc-hbfg
vulnerability_id VCID-7eba-7gsc-hbfg
summary 
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29141
reference_id
reference_type
scores
0
value 0.00251
scoring_system epss
scoring_elements 0.48447
published_at 2026-04-12T12:55:00Z
1
value 0.00251
scoring_system epss
scoring_elements 0.48449
published_at 2026-04-09T12:55:00Z
2
value 0.00251
scoring_system epss
scoring_elements 0.48509
published_at 2026-04-16T12:55:00Z
3
value 0.00251
scoring_system epss
scoring_elements 0.48459
published_at 2026-04-13T12:55:00Z
4
value 0.00251
scoring_system epss
scoring_elements 0.48473
published_at 2026-04-11T12:55:00Z
5
value 0.00251
scoring_system epss
scoring_elements 0.48426
published_at 2026-04-02T12:55:00Z
6
value 0.00251
scoring_system epss
scoring_elements 0.48448
published_at 2026-04-04T12:55:00Z
7
value 0.00251
scoring_system epss
scoring_elements 0.48401
published_at 2026-04-07T12:55:00Z
8
value 0.00251
scoring_system epss
scoring_elements 0.48455
published_at 2026-04-08T12:55:00Z
9
value 0.00292
scoring_system epss
scoring_elements 0.52609
published_at 2026-04-18T12:55:00Z
10
value 0.00292
scoring_system epss
scoring_elements 0.52594
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29141
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
5
reference_url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
6
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
7
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
10
reference_url https://phabricator.wikimedia.org/T285159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://phabricator.wikimedia.org/T285159
11
reference_url https://www.debian.org/security/2023/dsa-5447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://www.debian.org/security/2023/dsa-5447
12
reference_url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
13
reference_url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
14
reference_url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183627
reference_id 2183627
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183627
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
reference_id CVE-2023-29141
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
17
reference_url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
reference_id GHSA-5vj8-g3qg-4qh6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
reference_id ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
reference_id ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.10
purl pkg:composer/mediawiki/core@1.35.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10
1
url pkg:composer/mediawiki/core@1.38.6
purl pkg:composer/mediawiki/core@1.38.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6
2
url pkg:composer/mediawiki/core@1.39.3
purl pkg:composer/mediawiki/core@1.39.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3
aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg
2
url VCID-azup-qzq7-sbh6
vulnerability_id VCID-azup-qzq7-sbh6
summary 
MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25814
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56468
published_at 2026-04-21T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56498
published_at 2026-04-18T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.56464
published_at 2026-04-13T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56483
published_at 2026-04-12T12:55:00Z
4
value 0.00336
scoring_system epss
scoring_elements 0.56507
published_at 2026-04-11T12:55:00Z
5
value 0.00336
scoring_system epss
scoring_elements 0.56497
published_at 2026-04-16T12:55:00Z
6
value 0.00336
scoring_system epss
scoring_elements 0.56441
published_at 2026-04-07T12:55:00Z
7
value 0.00336
scoring_system epss
scoring_elements 0.5646
published_at 2026-04-04T12:55:00Z
8
value 0.00336
scoring_system epss
scoring_elements 0.56492
published_at 2026-04-08T12:55:00Z
9
value 0.00336
scoring_system epss
scoring_elements 0.56437
published_at 2026-04-02T12:55:00Z
10
value 0.00336
scoring_system epss
scoring_elements 0.56339
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25814
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25814
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25814
16
reference_url https://phabricator.wikimedia.org/T86738
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T86738
17
reference_url https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903774
reference_id 1903774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903774
19
reference_url https://github.com/advisories/GHSA-4vr7-m8p8-434h
reference_id GHSA-4vr7-m8p8-434h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vr7-m8p8-434h
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25814, GHSA-4vr7-m8p8-434h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6
3
url VCID-h8jw-brz8-hkfn
vulnerability_id VCID-h8jw-brz8-hkfn
summary 
MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25812
reference_id
reference_type
scores
0
value 0.00371
scoring_system epss
scoring_elements 0.58937
published_at 2026-04-21T12:55:00Z
1
value 0.00371
scoring_system epss
scoring_elements 0.58958
published_at 2026-04-18T12:55:00Z
2
value 0.00371
scoring_system epss
scoring_elements 0.58954
published_at 2026-04-16T12:55:00Z
3
value 0.00371
scoring_system epss
scoring_elements 0.5892
published_at 2026-04-13T12:55:00Z
4
value 0.00371
scoring_system epss
scoring_elements 0.58939
published_at 2026-04-12T12:55:00Z
5
value 0.00371
scoring_system epss
scoring_elements 0.58957
published_at 2026-04-11T12:55:00Z
6
value 0.00371
scoring_system epss
scoring_elements 0.58938
published_at 2026-04-09T12:55:00Z
7
value 0.00371
scoring_system epss
scoring_elements 0.58933
published_at 2026-04-08T12:55:00Z
8
value 0.00371
scoring_system epss
scoring_elements 0.58881
published_at 2026-04-07T12:55:00Z
9
value 0.00371
scoring_system epss
scoring_elements 0.58817
published_at 2026-04-01T12:55:00Z
10
value 0.00371
scoring_system epss
scoring_elements 0.58913
published_at 2026-04-04T12:55:00Z
11
value 0.00371
scoring_system epss
scoring_elements 0.58892
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25812
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25812
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25812
17
reference_url https://phabricator.wikimedia.org/T255918
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T255918
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903767
reference_id 1903767
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903767
19
reference_url https://github.com/advisories/GHSA-rj9p-8jxj-2ch4
reference_id GHSA-rj9p-8jxj-2ch4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rj9p-8jxj-2ch4
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25812, GHSA-rj9p-8jxj-2ch4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8jw-brz8-hkfn
4
url VCID-jm7q-2w3j-buhh
vulnerability_id VCID-jm7q-2w3j-buhh
summary 
MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45363
reference_id
reference_type
scores
0
value 0.11025
scoring_system epss
scoring_elements 0.93415
published_at 2026-04-07T12:55:00Z
1
value 0.11025
scoring_system epss
scoring_elements 0.93464
published_at 2026-04-21T12:55:00Z
2
value 0.11025
scoring_system epss
scoring_elements 0.93458
published_at 2026-04-18T12:55:00Z
3
value 0.11025
scoring_system epss
scoring_elements 0.93407
published_at 2026-04-02T12:55:00Z
4
value 0.11025
scoring_system epss
scoring_elements 0.93452
published_at 2026-04-16T12:55:00Z
5
value 0.11025
scoring_system epss
scoring_elements 0.93433
published_at 2026-04-13T12:55:00Z
6
value 0.11025
scoring_system epss
scoring_elements 0.93432
published_at 2026-04-12T12:55:00Z
7
value 0.11025
scoring_system epss
scoring_elements 0.93427
published_at 2026-04-09T12:55:00Z
8
value 0.11025
scoring_system epss
scoring_elements 0.93424
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
5
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
6
reference_url https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8
7
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
8
reference_url https://phabricator.wikimedia.org/T333050
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://phabricator.wikimedia.org/T333050
9
reference_url https://www.debian.org/security/2023/dsa-5520
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://www.debian.org/security/2023/dsa-5520
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45363
reference_id CVE-2023-45363
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45363
11
reference_url https://github.com/advisories/GHSA-w5fx-cx7f-6vr9
reference_id GHSA-w5fx-cx7f-6vr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w5fx-cx7f-6vr9
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.12
purl pkg:composer/mediawiki/core@1.35.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12
1
url pkg:composer/mediawiki/core@1.39.5
purl pkg:composer/mediawiki/core@1.39.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5
2
url pkg:composer/mediawiki/core@1.40.1
purl pkg:composer/mediawiki/core@1.40.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1
aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh
5
url VCID-pm5t-23j4-6yh6
vulnerability_id VCID-pm5t-23j4-6yh6
summary 
MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25828
reference_id
reference_type
scores
0
value 0.00387
scoring_system epss
scoring_elements 0.5985
published_at 2026-04-21T12:55:00Z
1
value 0.00387
scoring_system epss
scoring_elements 0.59866
published_at 2026-04-18T12:55:00Z
2
value 0.00387
scoring_system epss
scoring_elements 0.59859
published_at 2026-04-16T12:55:00Z
3
value 0.00387
scoring_system epss
scoring_elements 0.59839
published_at 2026-04-12T12:55:00Z
4
value 0.00387
scoring_system epss
scoring_elements 0.59856
published_at 2026-04-11T12:55:00Z
5
value 0.00387
scoring_system epss
scoring_elements 0.59835
published_at 2026-04-09T12:55:00Z
6
value 0.00387
scoring_system epss
scoring_elements 0.59703
published_at 2026-04-01T12:55:00Z
7
value 0.00387
scoring_system epss
scoring_elements 0.59822
published_at 2026-04-13T12:55:00Z
8
value 0.00387
scoring_system epss
scoring_elements 0.5977
published_at 2026-04-07T12:55:00Z
9
value 0.00387
scoring_system epss
scoring_elements 0.59777
published_at 2026-04-02T12:55:00Z
10
value 0.00387
scoring_system epss
scoring_elements 0.59801
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25828
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.wikimedia.org/pipermail/mediawiki-announce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-announce
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25828
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25828
17
reference_url https://phabricator.wikimedia.org/T115888
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T115888
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903776
reference_id 1903776
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903776
19
reference_url https://github.com/advisories/GHSA-h8qx-mj6v-2934
reference_id GHSA-h8qx-mj6v-2934
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h8qx-mj6v-2934
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25828, GHSA-h8qx-mj6v-2934
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6
6
url VCID-z9d9-aer5-gfa9
vulnerability_id VCID-z9d9-aer5-gfa9
summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41800
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.3925
published_at 2026-04-21T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39342
published_at 2026-04-08T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39337
published_at 2026-04-18T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39365
published_at 2026-04-16T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39313
published_at 2026-04-13T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39331
published_at 2026-04-12T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39164
published_at 2026-04-01T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39371
published_at 2026-04-11T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.3935
published_at 2026-04-02T12:55:00Z
9
value 0.00177
scoring_system epss
scoring_elements 0.39374
published_at 2026-04-04T12:55:00Z
10
value 0.00177
scoring_system epss
scoring_elements 0.39287
published_at 2026-04-07T12:55:00Z
11
value 0.00177
scoring_system epss
scoring_elements 0.39359
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41800
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
7
reference_url https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
14
reference_url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5
15
reference_url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41800
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41800
17
reference_url https://phabricator.wikimedia.org/T284419
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T284419
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id 2009517
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2009517
19
reference_url https://security.archlinux.org/AVG-2434
reference_id AVG-2434
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2434
20
reference_url https://github.com/advisories/GHSA-c8wv-qwwc-6j73
reference_id GHSA-c8wv-qwwc-6j73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8wv-qwwc-6j73
21
reference_url https://security.gentoo.org/glsa/202305-24
reference_id GLSA-202305-24
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-24
fixed_packages
0
url pkg:composer/mediawiki/core@1.36.2
purl pkg:composer/mediawiki/core@1.36.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2
aliases CVE-2021-41800, GHSA-c8wv-qwwc-6j73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0-rc.1