Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mediawiki/core@1.28.0

Type composer

Namespace mediawiki

Name core

Version 1.28.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.35.12

Latest_non_vulnerable_version 1.40.1

Affected_by_vulnerabilities

url VCID-6cu8-8hhm-87as

vulnerability_id VCID-6cu8-8hhm-87as

summary

MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_id

reference_type

scores

value	0.11025
scoring_system	epss
scoring_elements	0.93557
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_url

https://phabricator.wikimedia.org/T333050

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://phabricator.wikimedia.org/T333050

reference_url

https://www.debian.org/security/2023/dsa-5520

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://www.debian.org/security/2023/dsa-5520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_id

CVE-2023-45363

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

reference_id

GHSA-w5fx-cx7f-6vr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

fixed_packages

url	pkg:composer/mediawiki/core@1.35.12
purl	pkg:composer/mediawiki/core@1.35.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12

url	pkg:composer/mediawiki/core@1.39.5
purl	pkg:composer/mediawiki/core@1.39.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5

url	pkg:composer/mediawiki/core@1.40.1
purl	pkg:composer/mediawiki/core@1.40.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1

aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cu8-8hhm-87as

url VCID-99m1-g55e-fudp

vulnerability_id VCID-99m1-g55e-fudp

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_id

reference_type

scores

value	0.00689
scoring_system	epss
scoring_elements	0.721
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

reference_url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/

reference_url

https://phabricator.wikimedia.org/T284419

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T284419

reference_url

https://security.gentoo.org/glsa/202305-24

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202305-24

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id	2009517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517

reference_url

https://security.archlinux.org/AVG-2434

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2434

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41800

reference_id

CVE-2021-41800

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41800

reference_url

https://github.com/advisories/GHSA-c8wv-qwwc-6j73

reference_id

GHSA-c8wv-qwwc-6j73

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c8wv-qwwc-6j73

fixed_packages

url pkg:composer/mediawiki/core@1.36.2

purl pkg:composer/mediawiki/core@1.36.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6cu8-8hhm-87as

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2

aliases CVE-2021-41800, GHSA-c8wv-qwwc-6j73

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99m1-g55e-fudp

url VCID-furg-xceb-buhv

vulnerability_id VCID-furg-xceb-buhv

summary

X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_id

reference_type

scores

value	0.00292
scoring_system	epss
scoring_elements	0.528
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_url

https://phabricator.wikimedia.org/T285159

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://phabricator.wikimedia.org/T285159

reference_url

https://www.debian.org/security/2023/dsa-5447

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://www.debian.org/security/2023/dsa-5447

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627
reference_id	2183627
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_id

CVE-2023-29141

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_id

GHSA-5vj8-g3qg-4qh6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_id

ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

reference_id

ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

fixed_packages

url pkg:composer/mediawiki/core@1.35.10

purl pkg:composer/mediawiki/core@1.35.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6cu8-8hhm-87as

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10

url pkg:composer/mediawiki/core@1.38.6

purl pkg:composer/mediawiki/core@1.38.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6cu8-8hhm-87as

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6

url pkg:composer/mediawiki/core@1.39.3

purl pkg:composer/mediawiki/core@1.39.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6cu8-8hhm-87as

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3

aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-furg-xceb-buhv

url VCID-vsp6-mfua-zbh5

vulnerability_id VCID-vsp6-mfua-zbh5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15005

reference_id

reference_type

scores

value	0.00737
scoring_system	epss
scoring_elements	0.73147
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H

reference_url

https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15005

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15005

reference_url

https://phabricator.wikimedia.org/T248947

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T248947

reference_url

https://www.debian.org/security/2020/dsa-4767

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2020/dsa-4767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1851026
reference_id	1851026
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1851026

reference_url	https://github.com/advisories/GHSA-xpv7-93cm-4mxv
reference_id	GHSA-xpv7-93cm-4mxv
reference_type
scores
url	https://github.com/advisories/GHSA-xpv7-93cm-4mxv

fixed_packages

url pkg:composer/mediawiki/core@1.31.8

purl pkg:composer/mediawiki/core@1.31.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-432f-6w1z-v7f2

vulnerability	VCID-6cu8-8hhm-87as

vulnerability	VCID-6g58-gs4d-1baz

vulnerability	VCID-99m1-g55e-fudp

vulnerability	VCID-bd9w-n6jh-9qhg

vulnerability	VCID-furg-xceb-buhv

vulnerability	VCID-pcxn-mmn4-zffd

vulnerability	VCID-y1jj-xqdp-6bc5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.8

url pkg:composer/mediawiki/core@1.33.4

purl pkg:composer/mediawiki/core@1.33.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p69-cp96-1ugz

vulnerability	VCID-432f-6w1z-v7f2

vulnerability	VCID-6cu8-8hhm-87as

vulnerability	VCID-6g58-gs4d-1baz

vulnerability	VCID-99m1-g55e-fudp

vulnerability	VCID-bd9w-n6jh-9qhg

vulnerability	VCID-furg-xceb-buhv

vulnerability	VCID-pcxn-mmn4-zffd

vulnerability	VCID-y1jj-xqdp-6bc5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.4

url pkg:composer/mediawiki/core@1.34.2

purl pkg:composer/mediawiki/core@1.34.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p69-cp96-1ugz

vulnerability	VCID-432f-6w1z-v7f2

vulnerability	VCID-6cu8-8hhm-87as

vulnerability	VCID-6g58-gs4d-1baz

vulnerability	VCID-99m1-g55e-fudp

vulnerability	VCID-9wjv-39x9-3fg6

vulnerability	VCID-bd9w-n6jh-9qhg

vulnerability	VCID-furg-xceb-buhv

vulnerability	VCID-pcxn-mmn4-zffd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.2

aliases CVE-2020-15005, GHSA-xpv7-93cm-4mxv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsp6-mfua-zbh5

url VCID-y1jj-xqdp-6bc5

vulnerability_id VCID-y1jj-xqdp-6bc5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10959

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50862
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10959

reference_url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10959

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10959

reference_url

https://phabricator.wikimedia.org/T232932

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T232932

reference_url

https://phabricator.wikimedia.org/T240393

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T240393

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1826079
reference_id	1826079
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1826079

reference_url	https://github.com/advisories/GHSA-mqhw-wq8p-vf5r
reference_id	GHSA-mqhw-wq8p-vf5r
reference_type
scores
url	https://github.com/advisories/GHSA-mqhw-wq8p-vf5r

fixed_packages

url pkg:composer/mediawiki/core@1.34.0-rc.0

purl pkg:composer/mediawiki/core@1.34.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1p69-cp96-1ugz

vulnerability	VCID-432f-6w1z-v7f2

vulnerability	VCID-4886-ekmk-3fdr

vulnerability	VCID-6cu8-8hhm-87as

vulnerability	VCID-6g58-gs4d-1baz

vulnerability	VCID-99m1-g55e-fudp

vulnerability	VCID-bd9w-n6jh-9qhg

vulnerability	VCID-furg-xceb-buhv

vulnerability	VCID-pcxn-mmn4-zffd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0-rc.0

aliases CVE-2020-10959, GHSA-mqhw-wq8p-vf5r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1jj-xqdp-6bc5

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.28.0

Package Instance