Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/mediawiki/core@1.31.2
Typecomposer
Namespacemediawiki
Namecore
Version1.31.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.35.12
Latest_non_vulnerable_version1.40.1
Affected_by_vulnerabilities
0
url VCID-4keq-jcfa-13hc
vulnerability_id VCID-4keq-jcfa-13hc
summary 
Possible to circumvent title-blacklist
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19709
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54574
published_at 2026-04-02T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.54605
published_at 2026-04-21T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.54625
published_at 2026-04-16T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.54587
published_at 2026-04-13T12:55:00Z
4
value 0.00315
scoring_system epss
scoring_elements 0.54613
published_at 2026-04-09T12:55:00Z
5
value 0.00315
scoring_system epss
scoring_elements 0.54618
published_at 2026-04-08T12:55:00Z
6
value 0.00315
scoring_system epss
scoring_elements 0.54567
published_at 2026-04-07T12:55:00Z
7
value 0.00315
scoring_system epss
scoring_elements 0.54597
published_at 2026-04-04T12:55:00Z
8
value 0.00315
scoring_system epss
scoring_elements 0.54502
published_at 2026-04-01T12:55:00Z
9
value 0.00315
scoring_system epss
scoring_elements 0.54608
published_at 2026-04-12T12:55:00Z
10
value 0.00315
scoring_system epss
scoring_elements 0.54626
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19709
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709
2
reference_url https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml
4
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19709
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19709
6
reference_url https://phabricator.wikimedia.org/T239466
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T239466
7
reference_url https://seclists.org/bugtraq/2019/Dec/48
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Dec/48
8
reference_url https://www.debian.org/security/2019/dsa-4592
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4592
9
reference_url https://github.com/advisories/GHSA-pjv5-vv93-p648
reference_id GHSA-pjv5-vv93-p648
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pjv5-vv93-p648
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.6
purl pkg:composer/mediawiki/core@1.31.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-arzd-7xhw-qqb4
3
vulnerability VCID-azup-qzq7-sbh6
4
vulnerability VCID-jm7q-2w3j-buhh
5
vulnerability VCID-pm5t-23j4-6yh6
6
vulnerability VCID-ujdn-y48t-pbch
7
vulnerability VCID-z9d9-aer5-gfa9
8
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.6
1
url pkg:composer/mediawiki/core@1.32.6
purl pkg:composer/mediawiki/core@1.32.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-ujdn-y48t-pbch
8
vulnerability VCID-z9d9-aer5-gfa9
9
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.6
2
url pkg:composer/mediawiki/core@1.33.2
purl pkg:composer/mediawiki/core@1.33.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-ujdn-y48t-pbch
8
vulnerability VCID-z9d9-aer5-gfa9
9
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.2
3
url pkg:composer/mediawiki/core@1.34.0
purl pkg:composer/mediawiki/core@1.34.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-arzd-7xhw-qqb4
3
vulnerability VCID-at9r-vw7p-6bfv
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-h8jw-brz8-hkfn
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0
aliases CVE-2019-19709, GHSA-pjv5-vv93-p648
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4keq-jcfa-13hc
1
url VCID-7eba-7gsc-hbfg
vulnerability_id VCID-7eba-7gsc-hbfg
summary 
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29141
reference_id
reference_type
scores
0
value 0.00251
scoring_system epss
scoring_elements 0.48447
published_at 2026-04-12T12:55:00Z
1
value 0.00251
scoring_system epss
scoring_elements 0.48449
published_at 2026-04-09T12:55:00Z
2
value 0.00251
scoring_system epss
scoring_elements 0.48509
published_at 2026-04-16T12:55:00Z
3
value 0.00251
scoring_system epss
scoring_elements 0.48459
published_at 2026-04-13T12:55:00Z
4
value 0.00251
scoring_system epss
scoring_elements 0.48473
published_at 2026-04-11T12:55:00Z
5
value 0.00251
scoring_system epss
scoring_elements 0.48426
published_at 2026-04-02T12:55:00Z
6
value 0.00251
scoring_system epss
scoring_elements 0.48448
published_at 2026-04-04T12:55:00Z
7
value 0.00251
scoring_system epss
scoring_elements 0.48401
published_at 2026-04-07T12:55:00Z
8
value 0.00251
scoring_system epss
scoring_elements 0.48455
published_at 2026-04-08T12:55:00Z
9
value 0.00292
scoring_system epss
scoring_elements 0.52609
published_at 2026-04-18T12:55:00Z
10
value 0.00292
scoring_system epss
scoring_elements 0.52594
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29141
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
5
reference_url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
6
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
7
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
10
reference_url https://phabricator.wikimedia.org/T285159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://phabricator.wikimedia.org/T285159
11
reference_url https://www.debian.org/security/2023/dsa-5447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://www.debian.org/security/2023/dsa-5447
12
reference_url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
13
reference_url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
14
reference_url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183627
reference_id 2183627
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183627
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
reference_id CVE-2023-29141
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
17
reference_url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
reference_id GHSA-5vj8-g3qg-4qh6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
reference_id ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
reference_id ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.10
purl pkg:composer/mediawiki/core@1.35.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10
1
url pkg:composer/mediawiki/core@1.38.6
purl pkg:composer/mediawiki/core@1.38.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6
2
url pkg:composer/mediawiki/core@1.39.3
purl pkg:composer/mediawiki/core@1.39.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3
aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg
2
url VCID-9qyu-z71g-1qbq
vulnerability_id VCID-9qyu-z71g-1qbq
summary 
MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10959
reference_id
reference_type
scores
0
value 0.00273
scoring_system epss
scoring_elements 0.50738
published_at 2026-04-21T12:55:00Z
1
value 0.00273
scoring_system epss
scoring_elements 0.50757
published_at 2026-04-18T12:55:00Z
2
value 0.00273
scoring_system epss
scoring_elements 0.50752
published_at 2026-04-16T12:55:00Z
3
value 0.00273
scoring_system epss
scoring_elements 0.50727
published_at 2026-04-12T12:55:00Z
4
value 0.00273
scoring_system epss
scoring_elements 0.5075
published_at 2026-04-11T12:55:00Z
5
value 0.00273
scoring_system epss
scoring_elements 0.50701
published_at 2026-04-04T12:55:00Z
6
value 0.00273
scoring_system epss
scoring_elements 0.50712
published_at 2026-04-13T12:55:00Z
7
value 0.00273
scoring_system epss
scoring_elements 0.50657
published_at 2026-04-07T12:55:00Z
8
value 0.00273
scoring_system epss
scoring_elements 0.50675
published_at 2026-04-02T12:55:00Z
9
value 0.00273
scoring_system epss
scoring_elements 0.50622
published_at 2026-04-01T12:55:00Z
10
value 0.00273
scoring_system epss
scoring_elements 0.50708
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10959
2
reference_url https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml
4
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
5
reference_url https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10959
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10959
7
reference_url https://phabricator.wikimedia.org/T232932
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T232932
8
reference_url https://phabricator.wikimedia.org/T240393
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T240393
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1826079
reference_id 1826079
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1826079
10
reference_url https://github.com/advisories/GHSA-mqhw-wq8p-vf5r
reference_id GHSA-mqhw-wq8p-vf5r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqhw-wq8p-vf5r
fixed_packages
0
url pkg:composer/mediawiki/core@1.34.0-rc.0
purl pkg:composer/mediawiki/core@1.34.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-ujdn-y48t-pbch
8
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0-rc.0
aliases CVE-2020-10959, GHSA-mqhw-wq8p-vf5r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyu-z71g-1qbq
3
url VCID-arzd-7xhw-qqb4
vulnerability_id VCID-arzd-7xhw-qqb4
summary 
OATHAuth extension in MediaWiki is not implementing rate limit
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25827
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.46991
published_at 2026-04-21T12:55:00Z
1
value 0.00239
scoring_system epss
scoring_elements 0.47042
published_at 2026-04-18T12:55:00Z
2
value 0.00239
scoring_system epss
scoring_elements 0.46983
published_at 2026-04-12T12:55:00Z
3
value 0.00239
scoring_system epss
scoring_elements 0.46988
published_at 2026-04-08T12:55:00Z
4
value 0.00239
scoring_system epss
scoring_elements 0.46987
published_at 2026-04-04T12:55:00Z
5
value 0.00239
scoring_system epss
scoring_elements 0.4697
published_at 2026-04-02T12:55:00Z
6
value 0.00239
scoring_system epss
scoring_elements 0.46934
published_at 2026-04-07T12:55:00Z
7
value 0.00239
scoring_system epss
scoring_elements 0.47046
published_at 2026-04-16T12:55:00Z
8
value 0.00239
scoring_system epss
scoring_elements 0.4699
published_at 2026-04-13T12:55:00Z
9
value 0.00239
scoring_system epss
scoring_elements 0.4701
published_at 2026-04-11T12:55:00Z
10
value 0.00239
scoring_system epss
scoring_elements 0.46985
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25827
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25827
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25827
17
reference_url https://phabricator.wikimedia.org/T251661
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T251661
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903761
reference_id 1903761
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903761
19
reference_url https://github.com/advisories/GHSA-rqvj-fc2x-99q6
reference_id GHSA-rqvj-fc2x-99q6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqvj-fc2x-99q6
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
aliases CVE-2020-25827, GHSA-rqvj-fc2x-99q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4
4
url VCID-azup-qzq7-sbh6
vulnerability_id VCID-azup-qzq7-sbh6
summary 
MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25814
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56468
published_at 2026-04-21T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56498
published_at 2026-04-18T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.56464
published_at 2026-04-13T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56483
published_at 2026-04-12T12:55:00Z
4
value 0.00336
scoring_system epss
scoring_elements 0.56507
published_at 2026-04-11T12:55:00Z
5
value 0.00336
scoring_system epss
scoring_elements 0.56497
published_at 2026-04-16T12:55:00Z
6
value 0.00336
scoring_system epss
scoring_elements 0.56441
published_at 2026-04-07T12:55:00Z
7
value 0.00336
scoring_system epss
scoring_elements 0.5646
published_at 2026-04-04T12:55:00Z
8
value 0.00336
scoring_system epss
scoring_elements 0.56492
published_at 2026-04-08T12:55:00Z
9
value 0.00336
scoring_system epss
scoring_elements 0.56437
published_at 2026-04-02T12:55:00Z
10
value 0.00336
scoring_system epss
scoring_elements 0.56339
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25814
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25814
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25814
16
reference_url https://phabricator.wikimedia.org/T86738
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T86738
17
reference_url https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903774
reference_id 1903774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903774
19
reference_url https://github.com/advisories/GHSA-4vr7-m8p8-434h
reference_id GHSA-4vr7-m8p8-434h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vr7-m8p8-434h
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
2
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25814, GHSA-4vr7-m8p8-434h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6
5
url VCID-jm7q-2w3j-buhh
vulnerability_id VCID-jm7q-2w3j-buhh
summary 
MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45363
reference_id
reference_type
scores
0
value 0.11025
scoring_system epss
scoring_elements 0.93415
published_at 2026-04-07T12:55:00Z
1
value 0.11025
scoring_system epss
scoring_elements 0.93464
published_at 2026-04-21T12:55:00Z
2
value 0.11025
scoring_system epss
scoring_elements 0.93458
published_at 2026-04-18T12:55:00Z
3
value 0.11025
scoring_system epss
scoring_elements 0.93407
published_at 2026-04-02T12:55:00Z
4
value 0.11025
scoring_system epss
scoring_elements 0.93452
published_at 2026-04-16T12:55:00Z
5
value 0.11025
scoring_system epss
scoring_elements 0.93433
published_at 2026-04-13T12:55:00Z
6
value 0.11025
scoring_system epss
scoring_elements 0.93432
published_at 2026-04-12T12:55:00Z
7
value 0.11025
scoring_system epss
scoring_elements 0.93427
published_at 2026-04-09T12:55:00Z
8
value 0.11025
scoring_system epss
scoring_elements 0.93424
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
5
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
6
reference_url https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8
7
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
8
reference_url https://phabricator.wikimedia.org/T333050
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://phabricator.wikimedia.org/T333050
9
reference_url https://www.debian.org/security/2023/dsa-5520
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/
url https://www.debian.org/security/2023/dsa-5520
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45363
reference_id CVE-2023-45363
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45363
11
reference_url https://github.com/advisories/GHSA-w5fx-cx7f-6vr9
reference_id GHSA-w5fx-cx7f-6vr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w5fx-cx7f-6vr9
fixed_packages
0
url pkg:composer/mediawiki/core@1.35.12
purl pkg:composer/mediawiki/core@1.35.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12
1
url pkg:composer/mediawiki/core@1.39.5
purl pkg:composer/mediawiki/core@1.39.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5
2
url pkg:composer/mediawiki/core@1.40.1
purl pkg:composer/mediawiki/core@1.40.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1
aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh
6
url VCID-pm5t-23j4-6yh6
vulnerability_id VCID-pm5t-23j4-6yh6
summary 
MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25828
reference_id
reference_type
scores
0
value 0.00387
scoring_system epss
scoring_elements 0.5985
published_at 2026-04-21T12:55:00Z
1
value 0.00387
scoring_system epss
scoring_elements 0.59866
published_at 2026-04-18T12:55:00Z
2
value 0.00387
scoring_system epss
scoring_elements 0.59859
published_at 2026-04-16T12:55:00Z
3
value 0.00387
scoring_system epss
scoring_elements 0.59839
published_at 2026-04-12T12:55:00Z
4
value 0.00387
scoring_system epss
scoring_elements 0.59856
published_at 2026-04-11T12:55:00Z
5
value 0.00387
scoring_system epss
scoring_elements 0.59835
published_at 2026-04-09T12:55:00Z
6
value 0.00387
scoring_system epss
scoring_elements 0.59703
published_at 2026-04-01T12:55:00Z
7
value 0.00387
scoring_system epss
scoring_elements 0.59822
published_at 2026-04-13T12:55:00Z
8
value 0.00387
scoring_system epss
scoring_elements 0.5977
published_at 2026-04-07T12:55:00Z
9
value 0.00387
scoring_system epss
scoring_elements 0.59777
published_at 2026-04-02T12:55:00Z
10
value 0.00387
scoring_system epss
scoring_elements 0.59801
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25828
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.wikimedia.org/pipermail/mediawiki-announce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-announce
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25828
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25828
17
reference_url https://phabricator.wikimedia.org/T115888
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T115888
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903776
reference_id 1903776
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903776
19
reference_url https://github.com/advisories/GHSA-h8qx-mj6v-2934
reference_id GHSA-h8qx-mj6v-2934
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h8qx-mj6v-2934
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
2
url pkg:composer/mediawiki/core@1.35.0
purl pkg:composer/mediawiki/core@1.35.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0
aliases CVE-2020-25828, GHSA-h8qx-mj6v-2934
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6
7
url VCID-t6w8-cgct-gbgz
vulnerability_id VCID-t6w8-cgct-gbgz
summary 
MediaWiki information disclosure
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16738
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.61711
published_at 2026-04-18T12:55:00Z
1
value 0.00415
scoring_system epss
scoring_elements 0.61705
published_at 2026-04-16T12:55:00Z
2
value 0.00415
scoring_system epss
scoring_elements 0.61536
published_at 2026-04-01T12:55:00Z
3
value 0.00415
scoring_system epss
scoring_elements 0.61659
published_at 2026-04-08T12:55:00Z
4
value 0.00415
scoring_system epss
scoring_elements 0.61611
published_at 2026-04-07T12:55:00Z
5
value 0.00415
scoring_system epss
scoring_elements 0.6164
published_at 2026-04-04T12:55:00Z
6
value 0.00415
scoring_system epss
scoring_elements 0.6161
published_at 2026-04-02T12:55:00Z
7
value 0.00415
scoring_system epss
scoring_elements 0.61664
published_at 2026-04-13T12:55:00Z
8
value 0.00415
scoring_system epss
scoring_elements 0.61684
published_at 2026-04-12T12:55:00Z
9
value 0.00415
scoring_system epss
scoring_elements 0.61695
published_at 2026-04-21T12:55:00Z
10
value 0.00415
scoring_system epss
scoring_elements 0.61674
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16738
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml
4
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16738
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16738
12
reference_url https://phabricator.wikimedia.org/T230402
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T230402
13
reference_url https://seclists.org/bugtraq/2019/Oct/32
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Oct/32
14
reference_url https://www.debian.org/security/2019/dsa-4545
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4545
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1755762
reference_id 1755762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1755762
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
21
reference_url https://github.com/advisories/GHSA-7hwr-f745-5rwq
reference_id GHSA-7hwr-f745-5rwq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7hwr-f745-5rwq
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.4
purl pkg:composer/mediawiki/core@1.31.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-ujdn-y48t-pbch
8
vulnerability VCID-z9d9-aer5-gfa9
9
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.4
1
url pkg:composer/mediawiki/core@1.32.4
purl pkg:composer/mediawiki/core@1.32.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.4
2
url pkg:composer/mediawiki/core@1.33.1
purl pkg:composer/mediawiki/core@1.33.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.1
aliases CVE-2019-16738, GHSA-7hwr-f745-5rwq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6w8-cgct-gbgz
8
url VCID-ujdn-y48t-pbch
vulnerability_id VCID-ujdn-y48t-pbch
summary 
MediaWiki Special:UserRights exposes the existence of hidden users
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25813
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58639
published_at 2026-04-18T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58634
published_at 2026-04-16T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.5864
published_at 2026-04-11T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58565
published_at 2026-04-07T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58595
published_at 2026-04-04T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58574
published_at 2026-04-02T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58489
published_at 2026-04-01T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.586
published_at 2026-04-13T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.5862
published_at 2026-04-12T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58623
published_at 2026-04-09T12:55:00Z
10
value 0.00366
scoring_system epss
scoring_elements 0.58616
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25813
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml
11
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6
14
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
15
reference_url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
16
reference_url https://meta.wikimedia.org/wiki/Special:UserRights
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://meta.wikimedia.org/wiki/Special:UserRights
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25813
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25813
18
reference_url https://phabricator.wikimedia.org/T232568
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T232568
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903764
reference_id 1903764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903764
20
reference_url https://github.com/advisories/GHSA-c4rj-wrmq-52rj
reference_id GHSA-c4rj-wrmq-52rj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4rj-wrmq-52rj
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.9
purl pkg:composer/mediawiki/core@1.31.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9
1
url pkg:composer/mediawiki/core@1.34.3
purl pkg:composer/mediawiki/core@1.34.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-jm7q-2w3j-buhh
2
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3
aliases CVE-2020-25813, GHSA-c4rj-wrmq-52rj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch
9
url VCID-z9d9-aer5-gfa9
vulnerability_id VCID-z9d9-aer5-gfa9
summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41800
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.3925
published_at 2026-04-21T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39342
published_at 2026-04-08T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39337
published_at 2026-04-18T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39365
published_at 2026-04-16T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39313
published_at 2026-04-13T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39331
published_at 2026-04-12T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39164
published_at 2026-04-01T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39371
published_at 2026-04-11T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.3935
published_at 2026-04-02T12:55:00Z
9
value 0.00177
scoring_system epss
scoring_elements 0.39374
published_at 2026-04-04T12:55:00Z
10
value 0.00177
scoring_system epss
scoring_elements 0.39287
published_at 2026-04-07T12:55:00Z
11
value 0.00177
scoring_system epss
scoring_elements 0.39359
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41800
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
7
reference_url https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
14
reference_url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5
15
reference_url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41800
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41800
17
reference_url https://phabricator.wikimedia.org/T284419
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T284419
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id 2009517
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2009517
19
reference_url https://security.archlinux.org/AVG-2434
reference_id AVG-2434
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2434
20
reference_url https://github.com/advisories/GHSA-c8wv-qwwc-6j73
reference_id GHSA-c8wv-qwwc-6j73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8wv-qwwc-6j73
21
reference_url https://security.gentoo.org/glsa/202305-24
reference_id GLSA-202305-24
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-24
fixed_packages
0
url pkg:composer/mediawiki/core@1.36.2
purl pkg:composer/mediawiki/core@1.36.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm7q-2w3j-buhh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2
aliases CVE-2021-41800, GHSA-c8wv-qwwc-6j73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9
10
url VCID-zgdf-mxfn-gbea
vulnerability_id VCID-zgdf-mxfn-gbea
summary 
img_auth.php may leak private extension images into the public cache
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15005
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.72868
published_at 2026-04-21T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.72768
published_at 2026-04-01T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.72776
published_at 2026-04-02T12:55:00Z
3
value 0.00737
scoring_system epss
scoring_elements 0.72796
published_at 2026-04-04T12:55:00Z
4
value 0.00737
scoring_system epss
scoring_elements 0.72773
published_at 2026-04-07T12:55:00Z
5
value 0.00737
scoring_system epss
scoring_elements 0.72811
published_at 2026-04-08T12:55:00Z
6
value 0.00737
scoring_system epss
scoring_elements 0.72825
published_at 2026-04-09T12:55:00Z
7
value 0.00737
scoring_system epss
scoring_elements 0.7285
published_at 2026-04-11T12:55:00Z
8
value 0.00737
scoring_system epss
scoring_elements 0.72833
published_at 2026-04-12T12:55:00Z
9
value 0.00737
scoring_system epss
scoring_elements 0.72824
published_at 2026-04-13T12:55:00Z
10
value 0.00737
scoring_system epss
scoring_elements 0.72866
published_at 2026-04-16T12:55:00Z
11
value 0.00737
scoring_system epss
scoring_elements 0.72876
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15005
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
10
reference_url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31
11
reference_url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33
12
reference_url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34
13
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
14
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H
16
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15005
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15005
18
reference_url https://phabricator.wikimedia.org/T248947
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T248947
19
reference_url https://www.debian.org/security/2020/dsa-4767
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4767
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1851026
reference_id 1851026
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1851026
21
reference_url https://github.com/advisories/GHSA-xpv7-93cm-4mxv
reference_id GHSA-xpv7-93cm-4mxv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpv7-93cm-4mxv
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.8
purl pkg:composer/mediawiki/core@1.31.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-arzd-7xhw-qqb4
3
vulnerability VCID-azup-qzq7-sbh6
4
vulnerability VCID-jm7q-2w3j-buhh
5
vulnerability VCID-pm5t-23j4-6yh6
6
vulnerability VCID-ujdn-y48t-pbch
7
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.8
1
url pkg:composer/mediawiki/core@1.33.4
purl pkg:composer/mediawiki/core@1.33.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-ujdn-y48t-pbch
8
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.4
2
url pkg:composer/mediawiki/core@1.34.2
purl pkg:composer/mediawiki/core@1.34.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-arzd-7xhw-qqb4
3
vulnerability VCID-azup-qzq7-sbh6
4
vulnerability VCID-h8jw-brz8-hkfn
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-ujdn-y48t-pbch
8
vulnerability VCID-z9d9-aer5-gfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.2
aliases CVE-2020-15005, GHSA-xpv7-93cm-4mxv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgdf-mxfn-gbea
Fixing_vulnerabilities
0
url VCID-1697-p35n-fber
vulnerability_id VCID-1697-p35n-fber
summary 
Wikimedia MediaWiki allows CSRF
Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12466
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39621
published_at 2026-04-02T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.39524
published_at 2026-04-21T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.39608
published_at 2026-04-18T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39615
published_at 2026-04-08T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.3956
published_at 2026-04-07T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39644
published_at 2026-04-04T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.39472
published_at 2026-04-01T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39637
published_at 2026-04-16T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39586
published_at 2026-04-13T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39602
published_at 2026-04-12T12:55:00Z
10
value 0.0018
scoring_system epss
scoring_elements 0.39639
published_at 2026-04-11T12:55:00Z
11
value 0.0018
scoring_system epss
scoring_elements 0.39629
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12466
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12466
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12466
15
reference_url https://phabricator.wikimedia.org/T25227
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T25227
16
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
17
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
18
reference_url https://github.com/advisories/GHSA-27fw-r78j-h898
reference_id GHSA-27fw-r78j-h898
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27fw-r78j-h898
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12466, GHSA-27fw-r78j-h898
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1697-p35n-fber
1
url VCID-1866-gt2g-1qfv
vulnerability_id VCID-1866-gt2g-1qfv
summary 
MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12469
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35983
published_at 2026-04-01T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.36026
published_at 2026-04-21T12:55:00Z
2
value 0.00153
scoring_system epss
scoring_elements 0.36093
published_at 2026-04-16T12:55:00Z
3
value 0.00153
scoring_system epss
scoring_elements 0.36092
published_at 2026-04-08T12:55:00Z
4
value 0.00153
scoring_system epss
scoring_elements 0.36042
published_at 2026-04-07T12:55:00Z
5
value 0.00153
scoring_system epss
scoring_elements 0.36207
published_at 2026-04-04T12:55:00Z
6
value 0.00153
scoring_system epss
scoring_elements 0.36178
published_at 2026-04-02T12:55:00Z
7
value 0.00153
scoring_system epss
scoring_elements 0.36052
published_at 2026-04-13T12:55:00Z
8
value 0.00153
scoring_system epss
scoring_elements 0.36078
published_at 2026-04-18T12:55:00Z
9
value 0.00153
scoring_system epss
scoring_elements 0.36116
published_at 2026-04-11T12:55:00Z
10
value 0.00153
scoring_system epss
scoring_elements 0.3611
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12469
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12469
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12469
15
reference_url https://phabricator.wikimedia.org/T222036
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T222036
16
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
17
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
18
reference_url https://github.com/advisories/GHSA-x3fr-w7r5-x7rg
reference_id GHSA-x3fr-w7r5-x7rg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x3fr-w7r5-x7rg
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12469, GHSA-x3fr-w7r5-x7rg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1866-gt2g-1qfv
2
url VCID-bbef-akjp-a3gp
vulnerability_id VCID-bbef-akjp-a3gp
summary 
Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12473
reference_id
reference_type
scores
0
value 0.00469
scoring_system epss
scoring_elements 0.64506
published_at 2026-04-07T12:55:00Z
1
value 0.00469
scoring_system epss
scoring_elements 0.64576
published_at 2026-04-21T12:55:00Z
2
value 0.00469
scoring_system epss
scoring_elements 0.6459
published_at 2026-04-18T12:55:00Z
3
value 0.00469
scoring_system epss
scoring_elements 0.64579
published_at 2026-04-16T12:55:00Z
4
value 0.00469
scoring_system epss
scoring_elements 0.64545
published_at 2026-04-13T12:55:00Z
5
value 0.00469
scoring_system epss
scoring_elements 0.64573
published_at 2026-04-12T12:55:00Z
6
value 0.00469
scoring_system epss
scoring_elements 0.64518
published_at 2026-04-02T12:55:00Z
7
value 0.00469
scoring_system epss
scoring_elements 0.64464
published_at 2026-04-01T12:55:00Z
8
value 0.00469
scoring_system epss
scoring_elements 0.64548
published_at 2026-04-04T12:55:00Z
9
value 0.00469
scoring_system epss
scoring_elements 0.64586
published_at 2026-04-11T12:55:00Z
10
value 0.00469
scoring_system epss
scoring_elements 0.6457
published_at 2026-04-09T12:55:00Z
11
value 0.00469
scoring_system epss
scoring_elements 0.64554
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12473
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12473
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12473
15
reference_url https://phabricator.wikimedia.org/T204729
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T204729
16
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
17
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
18
reference_url https://github.com/advisories/GHSA-33xw-x3pr-rvqj
reference_id GHSA-33xw-x3pr-rvqj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33xw-x3pr-rvqj
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12473, GHSA-33xw-x3pr-rvqj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbef-akjp-a3gp
3
url VCID-gma6-b9cy-kqee
vulnerability_id VCID-gma6-b9cy-kqee
summary 
MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12467
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53131
published_at 2026-04-07T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53224
published_at 2026-04-21T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53241
published_at 2026-04-18T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53235
published_at 2026-04-16T12:55:00Z
4
value 0.00298
scoring_system epss
scoring_elements 0.53198
published_at 2026-04-13T12:55:00Z
5
value 0.00298
scoring_system epss
scoring_elements 0.53214
published_at 2026-04-12T12:55:00Z
6
value 0.00298
scoring_system epss
scoring_elements 0.53139
published_at 2026-04-02T12:55:00Z
7
value 0.00298
scoring_system epss
scoring_elements 0.53118
published_at 2026-04-01T12:55:00Z
8
value 0.00298
scoring_system epss
scoring_elements 0.53163
published_at 2026-04-04T12:55:00Z
9
value 0.00298
scoring_system epss
scoring_elements 0.53229
published_at 2026-04-11T12:55:00Z
10
value 0.00298
scoring_system epss
scoring_elements 0.53178
published_at 2026-04-09T12:55:00Z
11
value 0.00298
scoring_system epss
scoring_elements 0.53185
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12467
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12467
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12467
15
reference_url https://phabricator.wikimedia.org/T209794
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T209794
16
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
17
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
18
reference_url https://github.com/advisories/GHSA-6vfg-8ppv-h5hg
reference_id GHSA-6vfg-8ppv-h5hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vfg-8ppv-h5hg
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12467, GHSA-6vfg-8ppv-h5hg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gma6-b9cy-kqee
4
url VCID-kjp3-cs2f-t7b4
vulnerability_id VCID-kjp3-cs2f-t7b4
summary 
MediaWiki Cross-site Scripting (XSS)
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12471
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58044
published_at 2026-04-07T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.58082
published_at 2026-04-21T12:55:00Z
2
value 0.00359
scoring_system epss
scoring_elements 0.58107
published_at 2026-04-18T12:55:00Z
3
value 0.00359
scoring_system epss
scoring_elements 0.58106
published_at 2026-04-16T12:55:00Z
4
value 0.00359
scoring_system epss
scoring_elements 0.58075
published_at 2026-04-13T12:55:00Z
5
value 0.00359
scoring_system epss
scoring_elements 0.58095
published_at 2026-04-12T12:55:00Z
6
value 0.00359
scoring_system epss
scoring_elements 0.58048
published_at 2026-04-02T12:55:00Z
7
value 0.00359
scoring_system epss
scoring_elements 0.57963
published_at 2026-04-01T12:55:00Z
8
value 0.00359
scoring_system epss
scoring_elements 0.5807
published_at 2026-04-04T12:55:00Z
9
value 0.00359
scoring_system epss
scoring_elements 0.58118
published_at 2026-04-11T12:55:00Z
10
value 0.00359
scoring_system epss
scoring_elements 0.58102
published_at 2026-04-09T12:55:00Z
11
value 0.00359
scoring_system epss
scoring_elements 0.58099
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12471
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12471
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12471
15
reference_url https://phabricator.wikimedia.org/T207603
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T207603
16
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
17
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
18
reference_url https://github.com/advisories/GHSA-2rm7-xxx8-35jh
reference_id GHSA-2rm7-xxx8-35jh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rm7-xxx8-35jh
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
aliases CVE-2019-12471, GHSA-2rm7-xxx8-35jh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjp3-cs2f-t7b4
5
url VCID-qmx3-kcnd-zuhe
vulnerability_id VCID-qmx3-kcnd-zuhe
summary 
Wikimedia MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12468
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.66728
published_at 2026-04-02T12:55:00Z
1
value 0.00519
scoring_system epss
scoring_elements 0.66797
published_at 2026-04-21T12:55:00Z
2
value 0.00519
scoring_system epss
scoring_elements 0.66814
published_at 2026-04-18T12:55:00Z
3
value 0.00519
scoring_system epss
scoring_elements 0.66774
published_at 2026-04-08T12:55:00Z
4
value 0.00519
scoring_system epss
scoring_elements 0.66725
published_at 2026-04-07T12:55:00Z
5
value 0.00519
scoring_system epss
scoring_elements 0.66753
published_at 2026-04-04T12:55:00Z
6
value 0.00519
scoring_system epss
scoring_elements 0.66688
published_at 2026-04-01T12:55:00Z
7
value 0.00519
scoring_system epss
scoring_elements 0.668
published_at 2026-04-16T12:55:00Z
8
value 0.00519
scoring_system epss
scoring_elements 0.66766
published_at 2026-04-13T12:55:00Z
9
value 0.00519
scoring_system epss
scoring_elements 0.66796
published_at 2026-04-12T12:55:00Z
10
value 0.00519
scoring_system epss
scoring_elements 0.6681
published_at 2026-04-11T12:55:00Z
11
value 0.00519
scoring_system epss
scoring_elements 0.66789
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12468
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/mediawiki-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/mediawiki-announce
14
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12468
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12468
16
reference_url https://phabricator.wikimedia.org/T197279
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T197279
17
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
18
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
19
reference_url https://github.com/advisories/GHSA-wrhx-3pxr-6vgg
reference_id GHSA-wrhx-3pxr-6vgg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wrhx-3pxr-6vgg
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12468, GHSA-wrhx-3pxr-6vgg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmx3-kcnd-zuhe
6
url VCID-tq2e-c9ym-a3hj
vulnerability_id VCID-tq2e-c9ym-a3hj
summary 
Wikimedia information leak vulnerability
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12474
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49391
published_at 2026-04-07T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49445
published_at 2026-04-21T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49475
published_at 2026-04-18T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49478
published_at 2026-04-16T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49432
published_at 2026-04-13T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.4943
published_at 2026-04-12T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49411
published_at 2026-04-02T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49382
published_at 2026-04-01T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49438
published_at 2026-04-04T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49458
published_at 2026-04-11T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49441
published_at 2026-04-09T12:55:00Z
11
value 0.00261
scoring_system epss
scoring_elements 0.49446
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12474
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12474
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12474
15
reference_url https://phabricator.wikimedia.org/T212118
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T212118
16
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
17
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
18
reference_url https://github.com/advisories/GHSA-2qrr-c2gh-pr35
reference_id GHSA-2qrr-c2gh-pr35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qrr-c2gh-pr35
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12474, GHSA-2qrr-c2gh-pr35
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tq2e-c9ym-a3hj
7
url VCID-u2xc-ztge-p3bv
vulnerability_id VCID-u2xc-ztge-p3bv
summary 
MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12472
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.3576
published_at 2026-04-21T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35707
published_at 2026-04-01T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35905
published_at 2026-04-02T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35935
published_at 2026-04-04T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35765
published_at 2026-04-07T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35816
published_at 2026-04-08T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35838
published_at 2026-04-09T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35845
published_at 2026-04-11T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35805
published_at 2026-04-12T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35782
published_at 2026-04-13T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.35821
published_at 2026-04-16T12:55:00Z
11
value 0.00151
scoring_system epss
scoring_elements 0.35809
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12472
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12472
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12472
15
reference_url https://phabricator.wikimedia.org/T199540
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T199540
16
reference_url https://github.com/advisories/GHSA-7mqg-5fgh-xh4r
reference_id GHSA-7mqg-5fgh-xh4r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mqg-5fgh-xh4r
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12472, GHSA-7mqg-5fgh-xh4r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xc-ztge-p3bv
8
url VCID-yr8d-347g-pugg
vulnerability_id VCID-yr8d-347g-pugg
summary 
Wikimedia MediaWik exposed suppressed log in RevisionDelete page
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12470
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.3805
published_at 2026-04-02T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37936
published_at 2026-04-21T12:55:00Z
2
value 0.00168
scoring_system epss
scoring_elements 0.38018
published_at 2026-04-16T12:55:00Z
3
value 0.00168
scoring_system epss
scoring_elements 0.38007
published_at 2026-04-08T12:55:00Z
4
value 0.00168
scoring_system epss
scoring_elements 0.37956
published_at 2026-04-07T12:55:00Z
5
value 0.00168
scoring_system epss
scoring_elements 0.38074
published_at 2026-04-04T12:55:00Z
6
value 0.00168
scoring_system epss
scoring_elements 0.37889
published_at 2026-04-01T12:55:00Z
7
value 0.00168
scoring_system epss
scoring_elements 0.37973
published_at 2026-04-13T12:55:00Z
8
value 0.00168
scoring_system epss
scoring_elements 0.37998
published_at 2026-04-18T12:55:00Z
9
value 0.00168
scoring_system epss
scoring_elements 0.38034
published_at 2026-04-11T12:55:00Z
10
value 0.00168
scoring_system epss
scoring_elements 0.38017
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12470
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml
12
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wikimedia/mediawiki
13
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12470
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12470
15
reference_url https://phabricator.wikimedia.org/T222038
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://phabricator.wikimedia.org/T222038
16
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jun/12
17
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4460
18
reference_url https://github.com/advisories/GHSA-733q-m38x-q7cc
reference_id GHSA-733q-m38x-q7cc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-733q-m38x-q7cc
fixed_packages
0
url pkg:composer/mediawiki/core@1.27.6
purl pkg:composer/mediawiki/core@1.27.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6
1
url pkg:composer/mediawiki/core@1.30.2
purl pkg:composer/mediawiki/core@1.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eba-7gsc-hbfg
1
vulnerability VCID-9qyu-z71g-1qbq
2
vulnerability VCID-jm7q-2w3j-buhh
3
vulnerability VCID-z9d9-aer5-gfa9
4
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2
2
url pkg:composer/mediawiki/core@1.31.2
purl pkg:composer/mediawiki/core@1.31.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4keq-jcfa-13hc
1
vulnerability VCID-7eba-7gsc-hbfg
2
vulnerability VCID-9qyu-z71g-1qbq
3
vulnerability VCID-arzd-7xhw-qqb4
4
vulnerability VCID-azup-qzq7-sbh6
5
vulnerability VCID-jm7q-2w3j-buhh
6
vulnerability VCID-pm5t-23j4-6yh6
7
vulnerability VCID-t6w8-cgct-gbgz
8
vulnerability VCID-ujdn-y48t-pbch
9
vulnerability VCID-z9d9-aer5-gfa9
10
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2
3
url pkg:composer/mediawiki/core@1.32.2
purl pkg:composer/mediawiki/core@1.32.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-424y-cjxg-c7az
1
vulnerability VCID-4keq-jcfa-13hc
2
vulnerability VCID-7eba-7gsc-hbfg
3
vulnerability VCID-9qyu-z71g-1qbq
4
vulnerability VCID-arzd-7xhw-qqb4
5
vulnerability VCID-azup-qzq7-sbh6
6
vulnerability VCID-jm7q-2w3j-buhh
7
vulnerability VCID-pm5t-23j4-6yh6
8
vulnerability VCID-t6w8-cgct-gbgz
9
vulnerability VCID-ujdn-y48t-pbch
10
vulnerability VCID-z9d9-aer5-gfa9
11
vulnerability VCID-zgdf-mxfn-gbea
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2
aliases CVE-2019-12470, GHSA-733q-m38x-q7cc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yr8d-347g-pugg
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2