VulnerableCode Package Details - pkg:alpm/archlinux/mediawiki@1.31.0-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/mediawiki@1.31.0-1

Essentials
History (3)

purl	pkg:alpm/archlinux/mediawiki@1.31.0-1

Next non-vulnerable version	1.31.1-1
Latest non-vulnerable version	1.38.3-1
Risk	3.1

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-35t3-tu86-nugv Aliases: CVE-2018-13258 GHSA-2c28-7gwv-cpgf	Mediawiki tarball is missing .htaccess files Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.	1.31.1-1 Affected by 0 other vulnerabilities.
VCID-sf61-byhw-17gv Aliases: CVE-2018-0503 GHSA-mhfv-9h99-jwg7	Mediawiki Improper Privilege Management Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.	1.31.1-1 Affected by 0 other vulnerabilities.
VCID-v27j-4pnt-n7h9 Aliases: CVE-2018-0505 GHSA-5c6w-f4w2-2grp	Mediawiki BotPassword can bypass CentralAuth's account lock Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock	1.31.1-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:27:04.311682+00:00	Arch Linux Importer	Affected by	VCID-sf61-byhw-17gv	https://security.archlinux.org/AVG-765	38.0.0
2026-04-01T18:27:04.283596+00:00	Arch Linux Importer	Affected by	VCID-v27j-4pnt-n7h9	https://security.archlinux.org/AVG-765	38.0.0
2026-04-01T18:27:04.197975+00:00	Arch Linux Importer	Affected by	VCID-35t3-tu86-nugv	https://security.archlinux.org/AVG-765	38.0.0