Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/mediawiki/core@1.35.2
purl pkg:composer/mediawiki/core@1.35.2
Next non-vulnerable version 1.35.12
Latest non-vulnerable version 1.40.1
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-7eba-7gsc-hbfg
Aliases:
CVE-2023-29141
GHSA-5vj8-g3qg-4qh6
X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
1.35.10
Affected by 1 other vulnerability.
1.38.6
Affected by 1 other vulnerability.
1.39.3
Affected by 1 other vulnerability.
VCID-jm7q-2w3j-buhh
Aliases:
CVE-2023-45363
GHSA-w5fx-cx7f-6vr9
MediaWiki Denial of Service vulnerability An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
1.35.12
Affected by 0 other vulnerabilities.
1.39.5
Affected by 0 other vulnerabilities.
1.40.1
Affected by 0 other vulnerabilities.
VCID-z9d9-aer5-gfa9
Aliases:
CVE-2021-41800
GHSA-c8wv-qwwc-6j73
Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.
1.36.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:40:13.516520+00:00 GitLab Importer Affected by VCID-jm7q-2w3j-buhh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 38.4.0
2026-04-16T22:26:02.307763+00:00 GitLab Importer Affected by VCID-7eba-7gsc-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 38.4.0
2026-04-16T21:55:56.799047+00:00 GitLab Importer Affected by VCID-z9d9-aer5-gfa9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 38.4.0
2026-04-11T23:59:40.699317+00:00 GitLab Importer Affected by VCID-jm7q-2w3j-buhh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 38.3.0
2026-04-11T23:44:18.364107+00:00 GitLab Importer Affected by VCID-7eba-7gsc-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 38.3.0
2026-04-11T23:11:20.840209+00:00 GitLab Importer Affected by VCID-z9d9-aer5-gfa9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 38.3.0
2026-04-03T00:02:44.340799+00:00 GitLab Importer Affected by VCID-jm7q-2w3j-buhh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 38.1.0
2026-04-02T23:47:56.976312+00:00 GitLab Importer Affected by VCID-7eba-7gsc-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 38.1.0
2026-04-02T23:19:48.946534+00:00 GitLab Importer Affected by VCID-z9d9-aer5-gfa9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 38.1.0
2026-04-01T18:11:16.117519+00:00 GitLab Importer Affected by VCID-7eba-7gsc-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 38.0.0
2026-04-01T17:40:20.997613+00:00 GitLab Importer Affected by VCID-z9d9-aer5-gfa9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 38.0.0