VulnerableCode Package Details - pkg:composer/mediawiki/core@1.31.0-rc.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/mediawiki/core@1.31.0-rc.2

Essentials
History (19)

purl	pkg:composer/mediawiki/core@1.31.0-rc.2

Next non-vulnerable version	1.35.12
Latest non-vulnerable version	1.40.1
Risk	4.5

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-7eba-7gsc-hbfg Aliases: CVE-2023-29141 GHSA-5vj8-g3qg-4qh6	X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.	1.35.10 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.38.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.39.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-9qyu-z71g-1qbq Aliases: CVE-2020-10959 GHSA-mqhw-wq8p-vf5r	MediaWiki Open Redirect vulnerability resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.	1.34.0-rc.0 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jm7q-2w3j-buhh Aliases: CVE-2023-45363 GHSA-w5fx-cx7f-6vr9	MediaWiki Denial of Service vulnerability An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.	1.35.12 Affected by 0 other vulnerabilities. 1.39.5 Affected by 0 other vulnerabilities. 1.40.1 Affected by 0 other vulnerabilities.
VCID-z9d9-aer5-gfa9 Aliases: CVE-2021-41800 GHSA-c8wv-qwwc-6j73	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.	1.36.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zgdf-mxfn-gbea Aliases: CVE-2020-15005 GHSA-xpv7-93cm-4mxv	img_auth.php may leak private extension images into the public cache In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.	1.31.8 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.33.4 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.34.2 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:40:13.336605+00:00	GitLab Importer	Affected by	VCID-jm7q-2w3j-buhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	38.4.0
2026-04-16T22:26:02.143350+00:00	GitLab Importer	Affected by	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.4.0
2026-04-16T22:00:22.446896+00:00	GitLab Importer	Affected by	VCID-9qyu-z71g-1qbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml	38.4.0
2026-04-16T21:59:04.605297+00:00	GitLab Importer	Affected by	VCID-zgdf-mxfn-gbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-15005.yml	38.4.0
2026-04-16T21:55:56.641607+00:00	GitLab Importer	Affected by	VCID-z9d9-aer5-gfa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	38.4.0
2026-04-11T23:59:40.529779+00:00	GitLab Importer	Affected by	VCID-jm7q-2w3j-buhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	38.3.0
2026-04-11T23:44:18.182005+00:00	GitLab Importer	Affected by	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.3.0
2026-04-11T23:15:58.838667+00:00	GitLab Importer	Affected by	VCID-9qyu-z71g-1qbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml	38.3.0
2026-04-11T23:14:34.707893+00:00	GitLab Importer	Affected by	VCID-zgdf-mxfn-gbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-15005.yml	38.3.0
2026-04-11T23:11:20.665912+00:00	GitLab Importer	Affected by	VCID-z9d9-aer5-gfa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	38.3.0
2026-04-03T00:02:44.165770+00:00	GitLab Importer	Affected by	VCID-jm7q-2w3j-buhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	38.1.0
2026-04-02T23:47:56.823990+00:00	GitLab Importer	Affected by	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.1.0
2026-04-02T23:23:48.668109+00:00	GitLab Importer	Affected by	VCID-9qyu-z71g-1qbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml	38.1.0
2026-04-02T23:22:36.777041+00:00	GitLab Importer	Affected by	VCID-zgdf-mxfn-gbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-15005.yml	38.1.0
2026-04-02T23:19:48.794258+00:00	GitLab Importer	Affected by	VCID-z9d9-aer5-gfa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	38.1.0
2026-04-01T18:11:15.929856+00:00	GitLab Importer	Affected by	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.0.0
2026-04-01T17:44:48.034244+00:00	GitLab Importer	Affected by	VCID-9qyu-z71g-1qbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml	38.0.0
2026-04-01T17:43:36.961261+00:00	GitLab Importer	Affected by	VCID-zgdf-mxfn-gbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-15005.yml	38.0.0
2026-04-01T17:40:20.810041+00:00	GitLab Importer	Affected by	VCID-z9d9-aer5-gfa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	38.0.0