{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","type":"deb","namespace":"debian","name":"mediawiki","version":"1:1.43.8+dfsg-1~deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:1.43.8+dfsg-1","latest_non_vulnerable_version":"1:1.43.8+dfsg-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67923?format=json","vulnerability_id":"VCID-16xe-r3rr-w7dp","summary":"MediaWiki: MediaWiki: Cross-site Scripting via improper input neutralization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61637.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61637","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00512","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00513","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00508","published_at":"2026-06-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00516","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00515","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61637"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436128","reference_id":"2436128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436128"},{"reference_url":"https://phabricator.wikimedia.org/T394856","reference_id":"T394856","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:43Z/"}],"url":"https://phabricator.wikimedia.org/T394856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61637"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16xe-r3rr-w7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6588?format=json","vulnerability_id":"VCID-17xy-hr3x-bffr","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0366.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0366","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60137","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60184","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60187","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60173","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60156","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60174","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569788","reference_id":"1569788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569788"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0366"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17xy-hr3x-bffr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3542?format=json","vulnerability_id":"VCID-1t9v-k91e-7bbc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31043","reference_id":"","reference_type":"","scores":[{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81178","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81151","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81194","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81176","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.8118","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81183","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml"},{"reference_url":"https://github.com/guzzle/guzzle","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/guzzle"},{"reference_url":"https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/"}],"url":"https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8"},{"reference_url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/"}],"url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31043","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31043"},{"reference_url":"https://www.debian.org/security/2022/dsa-5246","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/"}],"url":"https://www.debian.org/security/2022/dsa-5246"},{"reference_url":"https://www.drupal.org/sa-core-2022-011","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/"}],"url":"https://www.drupal.org/sa-core-2022-011"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821","reference_id":"1012821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://github.com/advisories/GHSA-w248-ffj2-4v5q","reference_id":"GHSA-w248-ffj2-4v5q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w248-ffj2-4v5q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116077?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-31043","GHSA-w248-ffj2-4v5q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1t9v-k91e-7bbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6587?format=json","vulnerability_id":"VCID-1tce-jdy8-yke5","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0367.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0367.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0367","reference_id":"","reference_type":"","scores":[{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.67001","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.67042","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.67051","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.67035","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.67019","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.67036","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569791","reference_id":"1569791","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569791"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0367"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tce-jdy8-yke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92900?format=json","vulnerability_id":"VCID-1uhc-vf14-9ugy","summary":"MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5687","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63202","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63246","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63254","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63244","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63231","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63248","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5687"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116013?format=json","purl":"pkg:deb/debian/mediawiki@1:1.13.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.13.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-5687"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhc-vf14-9ugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93073?format=json","vulnerability_id":"VCID-22hu-b268-yfb4","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php.  This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61643","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01084","published_at":"2026-06-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01083","published_at":"2026-06-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01077","published_at":"2026-06-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01078","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643"},{"reference_url":"https://phabricator.wikimedia.org/T403757","reference_id":"T403757","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:15:36Z/"}],"url":"https://phabricator.wikimedia.org/T403757"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61643"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22hu-b268-yfb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92904?format=json","vulnerability_id":"VCID-26rr-ws2m-vyg5","summary":"MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a \"login CSRF\" issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1150.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1150","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61747","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61796","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61804","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61793","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61778","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61795","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1150"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=580418","reference_id":"580418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=580418"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116018?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-1150"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26rr-ws2m-vyg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92912?format=json","vulnerability_id":"VCID-2crw-j6ub-gfbc","summary":"MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0003","reference_id":"","reference_type":"","scores":[{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.76447","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.76475","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.76482","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.76471","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.7646","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.76483","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0003"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116022?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-0003"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2crw-j6ub-gfbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92926?format=json","vulnerability_id":"VCID-2qfy-57yd-5ueu","summary":"Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1580","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53953","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5401","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54017","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53983","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1580"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-1580"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qfy-57yd-5ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92909?format=json","vulnerability_id":"VCID-2r5q-1ca6-zqet","summary":"api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2787","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68345","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68387","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68395","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68372","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590660","reference_id":"590660","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590660"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116021?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-2787"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r5q-1ca6-zqet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92876?format=json","vulnerability_id":"VCID-2t3g-7v86-q3bb","summary":"Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the \"user language option,\" which is used as part of a dynamic class name that is processed using the eval function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4031","reference_id":"","reference_type":"","scores":[{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82376","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82404","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82403","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82401","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82394","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01655","scoring_system":"epss","scoring_elements":"0.82408","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4031"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-4031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2t3g-7v86-q3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92869?format=json","vulnerability_id":"VCID-2ucm-c1qz-kqc8","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1888","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58758","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58804","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58809","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58801","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58786","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1888"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-1888"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ucm-c1qz-kqc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92940?format=json","vulnerability_id":"VCID-2uu5-sb92-8qdq","summary":"maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1818","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56404","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56459","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56465","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56453","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56437","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56455","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1818"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1818"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uu5-sb92-8qdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93067?format=json","vulnerability_id":"VCID-2w68-q27x-v7g8","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php.  This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61634","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01147","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01148","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01143","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01144","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61634"},{"reference_url":"https://phabricator.wikimedia.org/T387478","reference_id":"T387478","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:15:08Z/"}],"url":"https://phabricator.wikimedia.org/T387478"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61634"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w68-q27x-v7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92930?format=json","vulnerability_id":"VCID-2zae-n5kh-g3ea","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4377","reference_id":"","reference_type":"","scores":[{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77315","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77344","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77354","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77343","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77334","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77355","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4377"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","reference_id":"686330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116029?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4377"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zae-n5kh-g3ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3536?format=json","vulnerability_id":"VCID-33zy-2z6g-ubgx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41767","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36588","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36522","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36562","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36616","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36551","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156331","reference_id":"2156331","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156331"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://phabricator.wikimedia.org/T316304","reference_id":"T316304","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:22:46Z/"}],"url":"https://phabricator.wikimedia.org/T316304"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116078?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-41767"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33zy-2z6g-ubgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92949?format=json","vulnerability_id":"VCID-365x-cqts-sbh3","summary":"Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of \"expression\" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4568","reference_id":"","reference_type":"","scores":[{"value":"0.00497","scoring_system":"epss","scoring_elements":"0.6619","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00497","scoring_system":"epss","scoring_elements":"0.66241","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00497","scoring_system":"epss","scoring_elements":"0.6625","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00497","scoring_system":"epss","scoring_elements":"0.66234","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00497","scoring_system":"epss","scoring_elements":"0.66221","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00497","scoring_system":"epss","scoring_elements":"0.66238","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629","reference_id":"729629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116037?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.8%2Bdfsg-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.8%252Bdfsg-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4568"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-365x-cqts-sbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92997?format=json","vulnerability_id":"VCID-38sj-gnxk-a3a6","summary":"The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8624","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29953","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30023","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29985","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29955","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29927","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.2994","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8624"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8624"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38sj-gnxk-a3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91598?format=json","vulnerability_id":"VCID-3a68-6whg-hubz","summary":"mediawiki: group-.*-member messages are not properly escaped on Special:log/rights","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51704","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60972","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60979","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60968","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60951","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60967","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255582","reference_id":"2255582","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255582"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116084?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116085?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116083?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.7-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.7-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-51704"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3a68-6whg-hubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92894?format=json","vulnerability_id":"VCID-3m1y-zmau-pkgg","summary":"Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive \"cross-site\" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1318","reference_id":"","reference_type":"","scores":[{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69781","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.6982","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69829","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69808","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69831","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1318"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116011?format=json","purl":"pkg:deb/debian/mediawiki@1:1.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.11.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-1318"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3m1y-zmau-pkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6586?format=json","vulnerability_id":"VCID-3ry6-3y3d-pqbz","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0368.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0368.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0368","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46676","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46743","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46746","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46727","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46699","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46709","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569796","reference_id":"1569796","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569796"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0368"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ry6-3y3d-pqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92975?format=json","vulnerability_id":"VCID-3s9m-3e68-ybbp","summary":"Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2932","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2932"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2932"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3s9m-3e68-ybbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92995?format=json","vulnerability_id":"VCID-3x8c-y8mc-xkhw","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert('XSS!').\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8622","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53843","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.539","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53908","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53895","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53873","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53896","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8622"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8622"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8c-y8mc-xkhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92903?format=json","vulnerability_id":"VCID-3xdr-rtvb-1kh8","summary":"Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4589","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60181","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60228","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60231","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60218","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60201","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60219","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4589"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4589","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537634","reference_id":"537634","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116017?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.0-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.0-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2009-4589"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xdr-rtvb-1kh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93012?format=json","vulnerability_id":"VCID-41fp-ar4e-muam","summary":"MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12467","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52862","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52884","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52909","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52929","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52923","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12467","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12467"},{"reference_url":"https://phabricator.wikimedia.org/T209794","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T209794"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-6vfg-8ppv-h5hg","reference_id":"GHSA-6vfg-8ppv-h5hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6vfg-8ppv-h5hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12467","GHSA-6vfg-8ppv-h5hg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41fp-ar4e-muam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67927?format=json","vulnerability_id":"VCID-42xj-pd8b-skd3","summary":"MediaWiki: MediaWiki: Cross-site Scripting vulnerability via improper input neutralization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6594.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6594","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0053","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00532","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00531","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00526","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6594"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6594"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436122","reference_id":"2436122","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436122"},{"reference_url":"https://phabricator.wikimedia.org/T395063","reference_id":"T395063","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:57:15Z/"}],"url":"https://phabricator.wikimedia.org/T395063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6594"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42xj-pd8b-skd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92919?format=json","vulnerability_id":"VCID-49ad-x3z9-9kdn","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1765","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56232","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56239","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56226","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56209","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56228","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1765"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-1765"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49ad-x3z9-9kdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93064?format=json","vulnerability_id":"VCID-4a2a-qgke-juha","summary":"Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32699","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54244","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54211","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54233","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54236","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54234","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699"},{"reference_url":"https://phabricator.wikimedia.org/T387130","reference_id":"T387130","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:20Z/"}],"url":"https://phabricator.wikimedia.org/T387130"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116096?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116097?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-32699"],"risk_score":0.7,"exploitability":"0.5","weighted_severity":"1.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4a2a-qgke-juha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93049?format=json","vulnerability_id":"VCID-4de7-nczc-mkd4","summary":"A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28204","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5997","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59964","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59946","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59923","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59973","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28204"},{"reference_url":"https://phabricator.wikimedia.org/T297754","reference_id":"T297754","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-29T15:39:12Z/"}],"url":"https://phabricator.wikimedia.org/T297754"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4de7-nczc-mkd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93104?format=json","vulnerability_id":"VCID-4ek8-z9aj-tqae","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo.   This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php.    This issue affects Echo: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5266","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14917","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14794","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14818","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14921","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14877","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5266"},{"reference_url":"https://phabricator.wikimedia.org/T420154","reference_id":"T420154","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:59:36Z/"}],"url":"https://phabricator.wikimedia.org/T420154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-5266"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ek8-z9aj-tqae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92920?format=json","vulnerability_id":"VCID-4k82-n7ph-ebdq","summary":"includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1766","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56265","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.5632","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56327","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56313","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56297","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56316","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1766"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-1766"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4k82-n7ph-ebdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93046?format=json","vulnerability_id":"VCID-4zdy-45y3-53af","summary":"An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44857","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35275","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35371","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35381","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35346","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35325","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036702","reference_id":"2036702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116075?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116073?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-44857"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zdy-45y3-53af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67926?format=json","vulnerability_id":"VCID-4zek-s44n-4ueb","summary":"MediaWiki: MediaWiki: Cross-site Scripting (XSS) vulnerability via improper input neutralization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61642.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61642.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61642","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00512","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00513","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00508","published_at":"2026-06-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00516","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00515","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61642"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436104","reference_id":"2436104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436104"},{"reference_url":"https://phabricator.wikimedia.org/T402313","reference_id":"T402313","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:16:31Z/"}],"url":"https://phabricator.wikimedia.org/T402313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61642"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zek-s44n-4ueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6864?format=json","vulnerability_id":"VCID-4zne-78ya-eqcq","summary":"cross-site scripting","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28202","reference_id":"","reference_type":"","scores":[{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78212","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78238","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78245","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78235","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78223","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78241","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074123","reference_id":"2074123","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074123"},{"reference_url":"https://security.archlinux.org/AVG-2677","reference_id":"AVG-2677","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2677"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116076?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28202"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zne-78ya-eqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92878?format=json","vulnerability_id":"VCID-5ah3-ya1e-m3av","summary":"MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4501","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69017","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69057","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69067","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.6906","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69044","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69064","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4501"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345280","reference_id":"345280","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345280"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116002?format=json","purl":"pkg:deb/debian/mediawiki@1.4.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-4501"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ah3-ya1e-m3av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43497?format=json","vulnerability_id":"VCID-5d6t-am8p-3kab","summary":"Mediawiki Improper Privilege Management\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3142","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3238","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3813","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3813"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0503","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59909","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59951","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59933","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5995","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59959","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59956","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"},{"reference_url":"https://phabricator.wikimedia.org/T169545","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T169545"},{"reference_url":"https://www.debian.org/security/2018/dsa-4301","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4301"},{"reference_url":"http://www.securitytracker.com/id/1041695","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041695"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634161","reference_id":"1634161","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634161"},{"reference_url":"https://security.archlinux.org/ASA-201809-5","reference_id":"ASA-201809-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-5"},{"reference_url":"https://security.archlinux.org/AVG-765","reference_id":"AVG-765","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-765"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0503","reference_id":"CVE-2018-0503","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0503"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml","reference_id":"CVE-2018-0503.YAML","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mhfv-9h99-jwg7","reference_id":"GHSA-mhfv-9h99-jwg7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhfv-9h99-jwg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116055?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-0503","GHSA-mhfv-9h99-jwg7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5d6t-am8p-3kab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93011?format=json","vulnerability_id":"VCID-5djd-epmq-qbft","summary":"Wikimedia MediaWiki through 1.32.1 allows CSRF.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12466","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38853","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38901","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3889","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38917","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38945","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38941","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12466","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12466"},{"reference_url":"https://phabricator.wikimedia.org/T25227","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T25227"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-27fw-r78j-h898","reference_id":"GHSA-27fw-r78j-h898","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27fw-r78j-h898"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12466","GHSA-27fw-r78j-h898"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5djd-epmq-qbft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92873?format=json","vulnerability_id":"VCID-5ere-tdc3-q3as","summary":"Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that \"bypass HTML style attribute restrictions\" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3165","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50444","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50506","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50513","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50493","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50463","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50481","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-3165"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ere-tdc3-q3as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93051?format=json","vulnerability_id":"VCID-5f8n-ncc6-d7bd","summary":"An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47927","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16619","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16594","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.167","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16697","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16658","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16577","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160625","reference_id":"2160625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160625"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/","reference_id":"AP65YEN762IBNQPOYGUVLTQIDLM5XD2A","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html"},{"reference_url":"https://phabricator.wikimedia.org/T322637","reference_id":"T322637","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/"}],"url":"https://phabricator.wikimedia.org/T322637"},{"reference_url":"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/","reference_id":"UEMW64LVEH3BEXCJV43CVS6XPYURKWU3","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T15:40:18Z/"}],"url":"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116065?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116079?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-47927"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f8n-ncc6-d7bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92973?format=json","vulnerability_id":"VCID-5kqg-4rbp-rbb9","summary":"MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9507","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44904","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44973","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44977","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44957","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44928","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4494","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9507"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9507"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kqg-4rbp-rbb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93021?format=json","vulnerability_id":"VCID-5m1h-d3k7-wbd4","summary":"MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19709","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54874","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54934","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54914","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54933","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54941","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54932","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709"},{"reference_url":"https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19709","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19709"},{"reference_url":"https://phabricator.wikimedia.org/T239466","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T239466"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/48","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/48"},{"reference_url":"https://www.debian.org/security/2019/dsa-4592","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4592"},{"reference_url":"https://github.com/advisories/GHSA-pjv5-vv93-p648","reference_id":"GHSA-pjv5-vv93-p648","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pjv5-vv93-p648"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116058?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-19709","GHSA-pjv5-vv93-p648"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5m1h-d3k7-wbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3544?format=json","vulnerability_id":"VCID-5nbj-5x5a-93hz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29248","reference_id":"","reference_type":"","scores":[{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.709","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70856","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70899","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70906","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.7089","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70876","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml"},{"reference_url":"https://github.com/guzzle/guzzle","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/guzzle"},{"reference_url":"https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/"}],"url":"https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab"},{"reference_url":"https://github.com/guzzle/guzzle/pull/3018","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/"}],"url":"https://github.com/guzzle/guzzle/pull/3018"},{"reference_url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/"}],"url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29248","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29248"},{"reference_url":"https://www.debian.org/security/2022/dsa-5246","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/"}],"url":"https://www.debian.org/security/2022/dsa-5246"},{"reference_url":"https://www.drupal.org/sa-core-2022-010","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/"}],"url":"https://www.drupal.org/sa-core-2022-010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636","reference_id":"1011636","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://github.com/advisories/GHSA-cwmx-hcrq-mhc3","reference_id":"GHSA-cwmx-hcrq-mhc3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwmx-hcrq-mhc3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116077?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-29248","GHSA-cwmx-hcrq-mhc3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nbj-5x5a-93hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92960?format=json","vulnerability_id":"VCID-5nt1-xhkx-yfbx","summary":"Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2244","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64211","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64255","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64263","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64252","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64241","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64261","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2244"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-2244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nt1-xhkx-yfbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92943?format=json","vulnerability_id":"VCID-5qhh-2y1t-vbab","summary":"MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2032","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73405","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73441","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73447","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73433","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73421","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73445","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601","reference_id":"706601","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116034?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2032"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhh-2y1t-vbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93099?format=json","vulnerability_id":"VCID-5vy2-zf68-budg","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.  This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34091","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13345","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17242","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17238","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17203","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17123","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34091"},{"reference_url":"https://phabricator.wikimedia.org/T411305","reference_id":"T411305","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/R:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:03:01Z/"}],"url":"https://phabricator.wikimedia.org/T411305"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34091"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vy2-zf68-budg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92942?format=json","vulnerability_id":"VCID-5weh-9e65-ukdr","summary":"MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2031","reference_id":"","reference_type":"","scores":[{"value":"0.01605","scoring_system":"epss","scoring_elements":"0.82064","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01605","scoring_system":"epss","scoring_elements":"0.82093","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01605","scoring_system":"epss","scoring_elements":"0.82094","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01605","scoring_system":"epss","scoring_elements":"0.82096","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01605","scoring_system":"epss","scoring_elements":"0.82089","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01605","scoring_system":"epss","scoring_elements":"0.82103","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601","reference_id":"706601","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116034?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2031"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5weh-9e65-ukdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93088?format=json","vulnerability_id":"VCID-5xwh-f8st-37d2","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js.  This issue affects Vector: from >= 1.40.0 before 1.42.7, 1.43.2, 1.44.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6596","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07269","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0721","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07255","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6596"},{"reference_url":"https://phabricator.wikimedia.org/T396685","reference_id":"T396685","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:11:48Z/"}],"url":"https://phabricator.wikimedia.org/T396685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6596"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xwh-f8st-37d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92976?format=json","vulnerability_id":"VCID-5y86-4bc7-9fds","summary":"Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2933","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2933"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2933"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5y86-4bc7-9fds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93040?format=json","vulnerability_id":"VCID-5zc4-jfh4-5qbk","summary":"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30155.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30155","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55152","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5521","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55189","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55208","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948641","reference_id":"1948641","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948641"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30155"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zc4-jfh4-5qbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92985?format=json","vulnerability_id":"VCID-62un-rv92-ayfr","summary":"MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a \"billion laughs attack,\" a different vulnerability than CVE-2015-2937.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2942","reference_id":"","reference_type":"","scores":[{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82489","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82519","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82518","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82516","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82509","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82522","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2942"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2942"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62un-rv92-ayfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93078?format=json","vulnerability_id":"VCID-64bf-17rv-tkbb","summary":"Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files includes/ThanksQueryHelper.Php.  This issue affects Thanks: from * before 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61654","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27236","published_at":"2026-06-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27366","published_at":"2026-06-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27316","published_at":"2026-06-06T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27276","published_at":"2026-06-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27227","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61654"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62661","reference_id":"CVE-2025-62661","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:01:13Z/"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62661"},{"reference_url":"https://phabricator.wikimedia.org/T397497","reference_id":"T397497","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:01:13Z/"}],"url":"https://phabricator.wikimedia.org/T397497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61654"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64bf-17rv-tkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92933?format=json","vulnerability_id":"VCID-657s-mym7-fqak","summary":"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4380","reference_id":"","reference_type":"","scores":[{"value":"0.00552","scoring_system":"epss","scoring_elements":"0.68379","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00552","scoring_system":"epss","scoring_elements":"0.6842","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00552","scoring_system":"epss","scoring_elements":"0.68428","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00552","scoring_system":"epss","scoring_elements":"0.68421","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00552","scoring_system":"epss","scoring_elements":"0.68406","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00552","scoring_system":"epss","scoring_elements":"0.68424","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","reference_id":"686330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116029?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4380"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-657s-mym7-fqak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92986?format=json","vulnerability_id":"VCID-66br-a5nh-fqb8","summary":"The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6727","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61438","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61485","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61492","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61479","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61463","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61483","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6727"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-6727"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66br-a5nh-fqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92868?format=json","vulnerability_id":"VCID-67fn-d5ky-pqf9","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1245","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62706","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62751","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.6276","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.6275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62735","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62749","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1245"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1245","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1245"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-1245"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67fn-d5ky-pqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93095?format=json","vulnerability_id":"VCID-6abq-6jq6-cfhg","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.  This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34087","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11033","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14474","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14477","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14439","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14358","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34087"},{"reference_url":"https://phabricator.wikimedia.org/T412061","reference_id":"T412061","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/RE:M"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:03:46Z/"}],"url":"https://phabricator.wikimedia.org/T412061"},{"reference_url":"https://usn.ubuntu.com/8315-1/","reference_id":"USN-8315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8315-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34087"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6abq-6jq6-cfhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93014?format=json","vulnerability_id":"VCID-6nt8-u5br-yqam","summary":"MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12469","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35411","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35364","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35345","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35314","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35385","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35421","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12469","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12469"},{"reference_url":"https://phabricator.wikimedia.org/T222036","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T222036"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-x3fr-w7r5-x7rg","reference_id":"GHSA-x3fr-w7r5-x7rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3fr-w7r5-x7rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12469","GHSA-x3fr-w7r5-x7rg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6nt8-u5br-yqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92892?format=json","vulnerability_id":"VCID-6raf-x33e-2yfe","summary":"Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0460.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0460","reference_id":"","reference_type":"","scores":[{"value":"0.1566","scoring_system":"epss","scoring_elements":"0.94827","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1566","scoring_system":"epss","scoring_elements":"0.94836","published_at":"2026-06-05T12:55:00Z"},{"value":"0.1566","scoring_system":"epss","scoring_elements":"0.94837","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1566","scoring_system":"epss","scoring_elements":"0.94838","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1566","scoring_system":"epss","scoring_elements":"0.94843","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0460"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=430286","reference_id":"430286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=430286"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116010?format=json","purl":"pkg:deb/debian/mediawiki@1:1.11.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.11.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-0460"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6raf-x33e-2yfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92994?format=json","vulnerability_id":"VCID-6wjg-yxyq-n7gj","summary":"MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8005","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48843","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48905","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48914","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48895","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48865","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4888","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wjg-yxyq-n7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93016?format=json","vulnerability_id":"VCID-7119-yrmu-2kb8","summary":"Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12471","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57916","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57917","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.579","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57913","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57863","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12471","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12471"},{"reference_url":"https://phabricator.wikimedia.org/T207603","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T207603"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-2rm7-xxx8-35jh","reference_id":"GHSA-2rm7-xxx8-35jh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rm7-xxx8-35jh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12471","GHSA-2rm7-xxx8-35jh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7119-yrmu-2kb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92980?format=json","vulnerability_id":"VCID-73mu-5y11-s3c7","summary":"MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service (\"quadratic blowup\" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2937","reference_id":"","reference_type":"","scores":[{"value":"0.02017","scoring_system":"epss","scoring_elements":"0.84059","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02017","scoring_system":"epss","scoring_elements":"0.84082","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02017","scoring_system":"epss","scoring_elements":"0.84085","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02017","scoring_system":"epss","scoring_elements":"0.84081","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02017","scoring_system":"epss","scoring_elements":"0.84072","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2937"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2937","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2937"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2937"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73mu-5y11-s3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93015?format=json","vulnerability_id":"VCID-77ck-3e5e-rkb9","summary":"Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12470","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37316","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37265","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3725","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37288","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37321","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37224","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12470","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12470"},{"reference_url":"https://phabricator.wikimedia.org/T222038","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T222038"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-733q-m38x-q7cc","reference_id":"GHSA-733q-m38x-q7cc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-733q-m38x-q7cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12470","GHSA-733q-m38x-q7cc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77ck-3e5e-rkb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93020?format=json","vulnerability_id":"VCID-77gx-zju5-d7af","summary":"In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16738","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62036","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62019","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.6199","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62035","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62046","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62039","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16738","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16738"},{"reference_url":"https://phabricator.wikimedia.org/T230402","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T230402"},{"reference_url":"https://seclists.org/bugtraq/2019/Oct/32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Oct/32"},{"reference_url":"https://www.debian.org/security/2019/dsa-4545","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4545"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755762","reference_id":"1755762","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755762"},{"reference_url":"https://github.com/advisories/GHSA-7hwr-f745-5rwq","reference_id":"GHSA-7hwr-f745-5rwq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7hwr-f745-5rwq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116057?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-16738","GHSA-7hwr-f745-5rwq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77gx-zju5-d7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93009?format=json","vulnerability_id":"VCID-79pf-jzxz-d3bz","summary":"MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=\"background-image: attr(title url);\" attack within a DIV element that has an attacker-controlled URL in the title attribute.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0371.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0371","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43744","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43814","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43824","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43799","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43764","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43774","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0371"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060015","reference_id":"2060015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060015"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0371"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79pf-jzxz-d3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93101?format=json","vulnerability_id":"VCID-7btv-s4q8-muds","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.   This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php.    This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34093","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09785","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12676","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1268","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12648","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12567","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34093"},{"reference_url":"https://phabricator.wikimedia.org/T414547","reference_id":"T414547","reference_type":"","scores":[{"value":"1.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:A"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:14:58Z/"}],"url":"https://phabricator.wikimedia.org/T414547"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34093"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7btv-s4q8-muds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93022?format=json","vulnerability_id":"VCID-7fnd-1drh-rfcq","summary":"resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10959","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50915","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50898","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50944","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50928","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50949","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50882","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10959"},{"reference_url":"https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10959","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10959"},{"reference_url":"https://phabricator.wikimedia.org/T232932","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T232932"},{"reference_url":"https://phabricator.wikimedia.org/T240393","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T240393"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826079","reference_id":"1826079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826079"},{"reference_url":"https://github.com/advisories/GHSA-mqhw-wq8p-vf5r","reference_id":"GHSA-mqhw-wq8p-vf5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqhw-wq8p-vf5r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-10959","GHSA-mqhw-wq8p-vf5r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fnd-1drh-rfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92941?format=json","vulnerability_id":"VCID-7gmu-sv55-7kcc","summary":"A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1951","reference_id":"","reference_type":"","scores":[{"value":"0.0198","scoring_system":"epss","scoring_elements":"0.83895","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0198","scoring_system":"epss","scoring_elements":"0.83918","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0198","scoring_system":"epss","scoring_elements":"0.83921","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0198","scoring_system":"epss","scoring_elements":"0.83915","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0198","scoring_system":"epss","scoring_elements":"0.83905","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0198","scoring_system":"epss","scoring_elements":"0.8392","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1951"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116033?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1951"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gmu-sv55-7kcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93053?format=json","vulnerability_id":"VCID-7h9m-bkh3-kybp","summary":"An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36674","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13702","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13792","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13796","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13757","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13672","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233116","reference_id":"2233116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233116"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/","reference_id":"2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/","reference_id":"6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/","reference_id":"DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"},{"reference_url":"https://phabricator.wikimedia.org/T335612","reference_id":"T335612","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://phabricator.wikimedia.org/T335612"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116065?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116064?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116066?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-36674"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7h9m-bkh3-kybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93054?format=json","vulnerability_id":"VCID-7j2c-sm8q-3ucj","summary":"An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36675","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67658","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6766","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67667","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67657","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67641","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36675"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40","reference_id":"1.40#Other_changes_in_1.40","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217428","reference_id":"2217428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217428"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/","reference_id":"2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/","reference_id":"6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/","reference_id":"DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"},{"reference_url":"https://phabricator.wikimedia.org/T332889","reference_id":"T332889","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://phabricator.wikimedia.org/T332889"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116065?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116064?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116066?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-36675"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7j2c-sm8q-3ucj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92963?format=json","vulnerability_id":"VCID-7kcm-gvq9-5ydv","summary":"Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3966","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55688","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55745","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55751","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55739","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5574","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3966"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750527","reference_id":"750527","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750527"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116044?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.16%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.16%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3966"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kcm-gvq9-5ydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3537?format=json","vulnerability_id":"VCID-7ps1-ds75-rudt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41765","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36588","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36522","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36562","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36616","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36551","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156329","reference_id":"2156329","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156329"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://phabricator.wikimedia.org/T309894","reference_id":"T309894","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:24:49Z/"}],"url":"https://phabricator.wikimedia.org/T309894"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116078?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-41765"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ps1-ds75-rudt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93077?format=json","vulnerability_id":"VCID-7q72-4pz8-2ud1","summary":"Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php.  This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61653","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27363","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.2737","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27503","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27413","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653"},{"reference_url":"https://phabricator.wikimedia.org/T397577","reference_id":"T397577","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T20:59:18Z/"}],"url":"https://phabricator.wikimedia.org/T397577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61653"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7q72-4pz8-2ud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93024?format=json","vulnerability_id":"VCID-7r42-v9vc-afcx","summary":"In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15005","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.7324","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73216","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73247","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73241","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828"},{"reference_url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31"},{"reference_url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33"},{"reference_url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15005","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15005"},{"reference_url":"https://phabricator.wikimedia.org/T248947","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T248947"},{"reference_url":"https://www.debian.org/security/2020/dsa-4767","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851026","reference_id":"1851026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851026"},{"reference_url":"https://github.com/advisories/GHSA-xpv7-93cm-4mxv","reference_id":"GHSA-xpv7-93cm-4mxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpv7-93cm-4mxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116060?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-15005","GHSA-xpv7-93cm-4mxv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7r42-v9vc-afcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92914?format=json","vulnerability_id":"VCID-7w63-v8n7-5yef","summary":"Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0537","reference_id":"","reference_type":"","scores":[{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.6709","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67131","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67139","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67123","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67106","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67122","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0537"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-0537"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7w63-v8n7-5yef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93052?format=json","vulnerability_id":"VCID-7xjn-9n7a-hfcd","summary":"Mediawiki v1.40.0 does not validate namespaces used in XML files.  Therefore, if the instance administrator allows XML file uploads,  a remote attacker with a low-privileged user account can use this  exploit to become an administrator by sending a malicious link to  the instance administrator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3550.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3550","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39989","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40024","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40027","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39999","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39972","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240807","reference_id":"2240807","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240807"},{"reference_url":"https://fluidattacks.com/advisories/blondie/","reference_id":"blondie","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/"}],"url":"https://fluidattacks.com/advisories/blondie/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/","reference_id":"FU2FGUXXK6TMV6R52VRECLC6XCSQQISY","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"},{"reference_url":"https://www.mediawiki.org/wiki/MediaWiki/","reference_id":"MediaWiki","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T15:57:17Z/"}],"url":"https://www.mediawiki.org/wiki/MediaWiki/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116081?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116080?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116082?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-3550"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xjn-9n7a-hfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3549?format=json","vulnerability_id":"VCID-8183-4jrw-6ybh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44854","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.442","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44251","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44268","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44276","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44226","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44214","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156316","reference_id":"2156316","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156316"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://phabricator.wikimedia.org/T292763","reference_id":"T292763","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:53:28Z/"}],"url":"https://phabricator.wikimedia.org/T292763"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116073?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-44854"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8183-4jrw-6ybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93035?format=json","vulnerability_id":"VCID-83a5-4zyr-93f5","summary":"MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35479","reference_id":"","reference_type":"","scores":[{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75377","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75407","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.7541","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75401","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75388","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75413","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909237","reference_id":"1909237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909237"},{"reference_url":"https://security.archlinux.org/ASA-202101-22","reference_id":"ASA-202101-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-22"},{"reference_url":"https://security.archlinux.org/AVG-1371","reference_id":"AVG-1371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116063?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35479"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83a5-4zyr-93f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92901?format=json","vulnerability_id":"VCID-83gw-3ese-gyg4","summary":"MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5688","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60168","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60214","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60217","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60204","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60187","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60205","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116013?format=json","purl":"pkg:deb/debian/mediawiki@1:1.13.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.13.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-5688"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83gw-3ese-gyg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30634?format=json","vulnerability_id":"VCID-84eq-cq89-9qhm","summary":"Modification of Assumed-Immutable Data (MAID)\nPrototype pollution attack through jQuery $.extend","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"},{"reference_url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:1570","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://access.redhat.com/errata/RHBA-2019:1570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1456","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2587","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3023","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3024","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3024"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11358","reference_id":"","reference_type":"","scores":[{"value":"0.01319","scoring_system":"epss","scoring_elements":"0.80249","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81678","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81677","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81672","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81646","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11358"},{"reference_url":"https://backdropcms.org/security/backdrop-sa-core-2019-009","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://backdropcms.org/security/backdrop-sa-core-2019-009"},{"reference_url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released"},{"reference_url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://seclists.org/fulldisclosure/2019/May/10"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/11","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://seclists.org/fulldisclosure/2019/May/11"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://seclists.org/fulldisclosure/2019/May/13"},{"reference_url":"https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f"},{"reference_url":"https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829"},{"reference_url":"https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad"},{"reference_url":"https://github.com/jquery/jquery","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jquery/jquery"},{"reference_url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"},{"reference_url":"https://github.com/jquery/jquery/pull/4333","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://github.com/jquery/jquery/pull/4333"},{"reference_url":"https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"},{"reference_url":"https://github.com/maximebf/php-debugbar/issues/447","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/maximebf/php-debugbar/issues/447"},{"reference_url":"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"},{"reference_url":"https://hackerone.com/reports/454365","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://hackerone.com/reports/454365"},{"reference_url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"},{"reference_url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://seclists.org/bugtraq/2019/Apr/32"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://seclists.org/bugtraq/2019/May/18","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://seclists.org/bugtraq/2019/May/18"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190919-0001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190919-0001"},{"reference_url":"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006"},{"reference_url":"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"},{"reference_url":"https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023"},{"reference_url":"https://www.debian.org/security/2019/dsa-4434","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.debian.org/security/2019/dsa-4434"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases"},{"reference_url":"https://www.drupal.org/sa-core-2019-006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.drupal.org/sa-core-2019-006"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://www.tenable.com/security/tns-2019-08","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.tenable.com/security/tns-2019-08"},{"reference_url":"https://www.tenable.com/security/tns-2020-02","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.tenable.com/security/tns-2020-02"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/03/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/03/2"},{"reference_url":"http://www.securityfocus.com/bid/108023","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"http://www.securityfocus.com/bid/108023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1701972","reference_id":"1701972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1701972"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json","reference_id":"496","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/","reference_id":"4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/","reference_id":"5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466","reference_id":"927466","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466"},{"reference_url":"https://security.archlinux.org/ASA-201906-2","reference_id":"ASA-201906-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-2"},{"reference_url":"https://security.archlinux.org/AVG-969","reference_id":"AVG-969","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-969"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358","reference_id":"CVE-2019-11358","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml","reference_id":"CVE-2019-11358.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt","reference_id":"CVE-2020-7656;CVE-2019-11358","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt"},{"reference_url":"https://github.com/advisories/GHSA-6c3j-c64m-qhgq","reference_id":"GHSA-6c3j-c64m-qhgq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6c3j-c64m-qhgq"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/","reference_id":"KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"},{"reference_url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/","reference_id":"mitigating-cve-2019-11358-in-old-versions-of-jquery","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190919-0001/","reference_id":"ntap-20190919-0001","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190919-0001/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/","reference_id":"QV3PKZC3PQCO3273HAT76PAQZFBEO4KP","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1325","reference_id":"RHSA-2020:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2412","reference_id":"RHSA-2020:2412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3936","reference_id":"RHSA-2020:3936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4670","reference_id":"RHSA-2020:4670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4847","reference_id":"RHSA-2020:4847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5581","reference_id":"RHSA-2020:5581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4142","reference_id":"RHSA-2021:4142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7343","reference_id":"RHSA-2022:7343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/","reference_id":"RLXRX23725JL366CNZGJZ7AQQB7LHQ6F","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"},{"reference_url":"https://usn.ubuntu.com/7622-1/","reference_id":"USN-7622-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7622-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/","reference_id":"WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-11358","GHSA-6c3j-c64m-qhgq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84eq-cq89-9qhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92945?format=json","vulnerability_id":"VCID-84ke-9rr2-x7dk","summary":"includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a \"<\" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4301","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.727","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72739","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72747","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72729","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72716","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.7274","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4301"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116036?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4301"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84ke-9rr2-x7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92867?format=json","vulnerability_id":"VCID-85rh-tzat-5fea","summary":"Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0536","reference_id":"","reference_type":"","scores":[{"value":"0.01065","scoring_system":"epss","scoring_elements":"0.78024","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01065","scoring_system":"epss","scoring_elements":"0.78052","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01065","scoring_system":"epss","scoring_elements":"0.78059","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01065","scoring_system":"epss","scoring_elements":"0.78048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01065","scoring_system":"epss","scoring_elements":"0.78037","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01065","scoring_system":"epss","scoring_elements":"0.78055","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0536"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-0536"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85rh-tzat-5fea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93075?format=json","vulnerability_id":"VCID-863q-kfu4-h7fn","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.  This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61646","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00758","published_at":"2026-06-06T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00751","published_at":"2026-06-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00752","published_at":"2026-06-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00755","published_at":"2026-06-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00754","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646"},{"reference_url":"https://phabricator.wikimedia.org/T398706","reference_id":"T398706","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:04:40Z/"}],"url":"https://phabricator.wikimedia.org/T398706"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61646"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-863q-kfu4-h7fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92865?format=json","vulnerability_id":"VCID-8d64-dtpu-r3d9","summary":"Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0535","reference_id":"","reference_type":"","scores":[{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75613","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75641","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75644","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75633","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75621","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75646","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0535"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-0535"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d64-dtpu-r3d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7084?format=json","vulnerability_id":"VCID-8g9q-btdb-uybs","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41798","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36716","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36808","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36815","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36781","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36743","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36755","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2009507","reference_id":"2009507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2009507"},{"reference_url":"https://security.archlinux.org/AVG-2434","reference_id":"AVG-2434","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116071?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116072?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-41798"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g9q-btdb-uybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93037?format=json","vulnerability_id":"VCID-8ptu-3nqm-8fb6","summary":"An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to \"protect\" a page, a user is currently able to protect to a higher level than they currently have permissions for.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30152","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59383","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59437","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59429","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59409","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59426","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948636","reference_id":"1948636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948636"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30152"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ptu-3nqm-8fb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93019?format=json","vulnerability_id":"VCID-8te2-uyp7-c7b2","summary":"Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12474","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49211","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49189","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49177","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49207","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49222","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49151","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12474","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12474"},{"reference_url":"https://phabricator.wikimedia.org/T212118","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T212118"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-2qrr-c2gh-pr35","reference_id":"GHSA-2qrr-c2gh-pr35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qrr-c2gh-pr35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12474","GHSA-2qrr-c2gh-pr35"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8te2-uyp7-c7b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7081?format=json","vulnerability_id":"VCID-8v3n-gcv9-p7ft","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41801","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59622","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59672","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59675","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59666","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59647","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801"},{"reference_url":"https://security.archlinux.org/AVG-2434","reference_id":"AVG-2434","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116071?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116072?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-41801"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8v3n-gcv9-p7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92964?format=json","vulnerability_id":"VCID-9br2-t8bx-jude","summary":"The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5241","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54871","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54928","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54929","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5491","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54931","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57714","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510","reference_id":"758510","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116045?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.18%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.18%252Bdfsg-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-5241"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9br2-t8bx-jude"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92306?format=json","vulnerability_id":"VCID-9dsk-ed65-mkag","summary":"mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45360","reference_id":"","reference_type":"","scores":[{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60632","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60637","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60645","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60633","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247803","reference_id":"2247803","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247803"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/","reference_id":"FU2FGUXXK6TMV6R52VRECLC6XCSQQISY","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"},{"reference_url":"https://phabricator.wikimedia.org/T340221","reference_id":"T340221","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T14:08:22Z/"}],"url":"https://phabricator.wikimedia.org/T340221"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116081?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116080?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116082?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-45360"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dsk-ed65-mkag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93089?format=json","vulnerability_id":"VCID-9een-xeaw-mfe3","summary":"Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php.  This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67478","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02992","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02922","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02887","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02984","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02939","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67478"},{"reference_url":"https://phabricator.wikimedia.org/T385403","reference_id":"T385403","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:08Z/"}],"url":"https://phabricator.wikimedia.org/T385403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116099?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67478"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9een-xeaw-mfe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93031?format=json","vulnerability_id":"VCID-9n45-258d-37d2","summary":"In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35474.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35474","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.6482","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64862","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64872","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64861","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.6485","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64868","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35474"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909227","reference_id":"1909227","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909227"},{"reference_url":"https://security.archlinux.org/ASA-202101-22","reference_id":"ASA-202101-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-22"},{"reference_url":"https://security.archlinux.org/AVG-1371","reference_id":"AVG-1371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116063?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35474"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9n45-258d-37d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92990?format=json","vulnerability_id":"VCID-9qwn-s44c-kbg8","summary":"The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8001","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55755","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55749","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5573","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5575","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qwn-s44c-kbg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93085?format=json","vulnerability_id":"VCID-9vkp-6998-skh8","summary":"Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php.  This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6592","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05723","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05681","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05715","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05736","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05724","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6592"},{"reference_url":"https://phabricator.wikimedia.org/T391218","reference_id":"T391218","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T14:48:41Z/"}],"url":"https://phabricator.wikimedia.org/T391218"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6592"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vkp-6998-skh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93059?format=json","vulnerability_id":"VCID-9xzv-aers-cqa7","summary":"Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11175","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03253","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03175","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03201","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03219","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03263","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11175"},{"reference_url":"https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d","reference_id":"I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/"}],"url":"https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d"},{"reference_url":"https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7","reference_id":"I563219f3298a8740e158d130492bf3d2897784d7","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/"}],"url":"https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7"},{"reference_url":"https://phabricator.wikimedia.org/T364910","reference_id":"T364910","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/"}],"url":"https://phabricator.wikimedia.org/T364910"},{"reference_url":"https://phabricator.wikimedia.org/T396248","reference_id":"T396248","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/"}],"url":"https://phabricator.wikimedia.org/T396248"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-11175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xzv-aers-cqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3546?format=json","vulnerability_id":"VCID-9zp6-ekqa-6qey","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28201","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20931","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2087","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20945","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20826","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20886","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20822","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116076?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28201"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zp6-ekqa-6qey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6408?format=json","vulnerability_id":"VCID-a1mq-jgwy-4bhs","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8809","reference_id":"","reference_type":"","scores":[{"value":"0.18083","scoring_system":"epss","scoring_elements":"0.95296","published_at":"2026-06-04T12:55:00Z"},{"value":"0.18083","scoring_system":"epss","scoring_elements":"0.95304","published_at":"2026-06-05T12:55:00Z"},{"value":"0.18083","scoring_system":"epss","scoring_elements":"0.95306","published_at":"2026-06-06T12:55:00Z"},{"value":"0.18083","scoring_system":"epss","scoring_elements":"0.95308","published_at":"2026-06-08T12:55:00Z"},{"value":"0.18083","scoring_system":"epss","scoring_elements":"0.95312","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116054?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-8809"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1mq-jgwy-4bhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92965?format=json","vulnerability_id":"VCID-a5y8-w7vr-7qdc","summary":"Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5242","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62271","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62319","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62326","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62316","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.623","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5242"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-5242"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5y8-w7vr-7qdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92952?format=json","vulnerability_id":"VCID-a8vf-xn29-jbe1","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6452","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55134","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55193","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.552","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55191","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55172","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116038?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6452"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8vf-xn29-jbe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92947?format=json","vulnerability_id":"VCID-aczg-9f5v-vbhw","summary":"includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4303","reference_id":"","reference_type":"","scores":[{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68839","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68878","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68886","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68879","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68863","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68882","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4303"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116036?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4303"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aczg-9f5v-vbhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6405?format=json","vulnerability_id":"VCID-ajfs-yq8z-9ug4","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8812","reference_id":"","reference_type":"","scores":[{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74972","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.7494","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74968","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74975","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74964","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74949","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116054?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-8812"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajfs-yq8z-9ug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6406?format=json","vulnerability_id":"VCID-ajw1-97z6-q7gx","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8811","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.5589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55828","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55884","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55881","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55878","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116054?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-8811"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajw1-97z6-q7gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93055?format=json","vulnerability_id":"VCID-akne-d77h-uubc","summary":"An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45359","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44803","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44835","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44842","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4482","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45359"},{"reference_url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c","reference_id":"c17b956e0750e051ac7c1098e3ff625f0db82b2c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T21:38:11Z/"}],"url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c"},{"reference_url":"https://phabricator.wikimedia.org/T340217","reference_id":"T340217","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T21:38:11Z/"}],"url":"https://phabricator.wikimedia.org/T340217"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116080?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116082?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-45359"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akne-d77h-uubc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92953?format=json","vulnerability_id":"VCID-anwp-a92h-qufy","summary":"MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6453","reference_id":"","reference_type":"","scores":[{"value":"0.00623","scoring_system":"epss","scoring_elements":"0.70515","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00623","scoring_system":"epss","scoring_elements":"0.70557","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00623","scoring_system":"epss","scoring_elements":"0.70566","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00623","scoring_system":"epss","scoring_elements":"0.70548","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00623","scoring_system":"epss","scoring_elements":"0.70536","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00623","scoring_system":"epss","scoring_elements":"0.7056","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116038?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6453"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anwp-a92h-qufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67916?format=json","vulnerability_id":"VCID-b7jg-spzr-dbgx","summary":"MediaWiki: MediaWiki: Cross-site Scripting vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67477.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67477","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00779","published_at":"2026-06-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00784","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00778","published_at":"2026-06-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00783","published_at":"2026-06-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00787","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436175","reference_id":"2436175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436175"},{"reference_url":"https://phabricator.wikimedia.org/T406639","reference_id":"T406639","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:18Z/"}],"url":"https://phabricator.wikimedia.org/T406639"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67477"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7jg-spzr-dbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93002?format=json","vulnerability_id":"VCID-b863-3dnr-mbgj","summary":"ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6331","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37428","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37521","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37525","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37493","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37454","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37467","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6331"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116051?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6331"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b863-3dnr-mbgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92983?format=json","vulnerability_id":"VCID-bf5e-9b9v-w3a2","summary":"Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2940","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53096","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53157","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53165","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53146","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5312","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53145","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2940"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2940"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bf5e-9b9v-w3a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93079?format=json","vulnerability_id":"VCID-bgz1-1upc-hqg9","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js.  This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61655","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07085","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07027","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07047","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0708","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07071","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61655"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61655"},{"reference_url":"https://phabricator.wikimedia.org/T395858","reference_id":"T395858","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:47Z/"}],"url":"https://phabricator.wikimedia.org/T395858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61655"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgz1-1upc-hqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92998?format=json","vulnerability_id":"VCID-bq1y-sqw8-b7gn","summary":"MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8625","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54366","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54432","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54421","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54399","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5442","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8625"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8625"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1y-sqw8-b7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93000?format=json","vulnerability_id":"VCID-bqvw-d1sj-2yh7","summary":"MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8627","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62837","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62879","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62888","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62878","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62864","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8627"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8627"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqvw-d1sj-2yh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92897?format=json","vulnerability_id":"VCID-bszr-887y-2yg7","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5250","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58022","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58082","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58071","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58057","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58074","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508869","reference_id":"508869","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508869"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116013?format=json","purl":"pkg:deb/debian/mediawiki@1:1.13.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.13.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-5250"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bszr-887y-2yg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6407?format=json","vulnerability_id":"VCID-bx8m-mdg4-vbdx","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8810","reference_id":"","reference_type":"","scores":[{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76861","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76821","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76854","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76862","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.76851","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00959","scoring_system":"epss","scoring_elements":"0.7684","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116054?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-8810"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bx8m-mdg4-vbdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67924?format=json","vulnerability_id":"VCID-byy7-dtdj-67h7","summary":"MediaWiki: MediaWiki: Arbitrary code execution via Cross-site Scripting (XSS)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61640.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61640","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00512","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00513","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00508","published_at":"2026-06-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00516","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00515","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436106","reference_id":"2436106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436106"},{"reference_url":"https://phabricator.wikimedia.org/T402075","reference_id":"T402075","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:45Z/"}],"url":"https://phabricator.wikimedia.org/T402075"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61640"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-byy7-dtdj-67h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92979?format=json","vulnerability_id":"VCID-c1xr-bwhe-ffd1","summary":"MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2936","reference_id":"","reference_type":"","scores":[{"value":"0.0189","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0189","scoring_system":"epss","scoring_elements":"0.83553","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0189","scoring_system":"epss","scoring_elements":"0.83556","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0189","scoring_system":"epss","scoring_elements":"0.83552","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0189","scoring_system":"epss","scoring_elements":"0.83544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0189","scoring_system":"epss","scoring_elements":"0.83557","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2936"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2936"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1xr-bwhe-ffd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93093?format=json","vulnerability_id":"VCID-c8pm-jjx6-k3du","summary":"Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6926","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50912","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50941","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50946","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50926","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50896","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6926"},{"reference_url":"https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117","reference_id":"1165117","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/"}],"url":"https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117"},{"reference_url":"https://phabricator.wikimedia.org/T389010","reference_id":"T389010","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-03T17:40:14Z/"}],"url":"https://phabricator.wikimedia.org/T389010"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6926"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8pm-jjx6-k3du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92959?format=json","vulnerability_id":"VCID-cbg1-nkqw-w3gx","summary":"includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2243","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59943","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5999","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59993","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59981","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59964","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59982","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2243"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116041?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-2243"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbg1-nkqw-w3gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43382?format=json","vulnerability_id":"VCID-cdzw-fsu7-5ybt","summary":"Mediawiki BotPassword can bypass CentralAuth's account lock\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3142","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3238","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3813","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3813"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0505","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62739","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62783","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62769","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62794","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62784","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"},{"reference_url":"https://phabricator.wikimedia.org/T194605","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T194605"},{"reference_url":"https://www.debian.org/security/2018/dsa-4301","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4301"},{"reference_url":"http://www.securitytracker.com/id/1041695","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041695"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634166","reference_id":"1634166","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634166"},{"reference_url":"https://security.archlinux.org/ASA-201809-5","reference_id":"ASA-201809-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-5"},{"reference_url":"https://security.archlinux.org/AVG-765","reference_id":"AVG-765","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-765"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0505","reference_id":"CVE-2018-0505","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0505"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml","reference_id":"CVE-2018-0505.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml"},{"reference_url":"https://github.com/advisories/GHSA-5c6w-f4w2-2grp","reference_id":"GHSA-5c6w-f4w2-2grp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5c6w-f4w2-2grp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116055?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-0505","GHSA-5c6w-f4w2-2grp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzw-fsu7-5ybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92967?format=json","vulnerability_id":"VCID-cpuc-w8m7-nudw","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7199","reference_id":"","reference_type":"","scores":[{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54611","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54669","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.5468","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54652","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54672","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7199"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762754","reference_id":"762754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762754"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116046?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.19%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.19%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-7199"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpuc-w8m7-nudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6592?format=json","vulnerability_id":"VCID-crjt-dux3-rbgw","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0362.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0362","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35248","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35355","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35366","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3533","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3529","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35309","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569737","reference_id":"1569737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569737"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0362"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crjt-dux3-rbgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93070?format=json","vulnerability_id":"VCID-ctmd-deha-syaw","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php.  This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61638","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00659","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00652","published_at":"2026-06-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00654","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00658","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00656","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61638"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638"},{"reference_url":"https://phabricator.wikimedia.org/T401099","reference_id":"T401099","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:22Z/"}],"url":"https://phabricator.wikimedia.org/T401099"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61638"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctmd-deha-syaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93090?format=json","vulnerability_id":"VCID-cvrq-1xmh-43eu","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php.  This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67480","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18656","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18536","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18553","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18654","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18617","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67480"},{"reference_url":"https://phabricator.wikimedia.org/T401053","reference_id":"T401053","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:01:49Z/"}],"url":"https://phabricator.wikimedia.org/T401053"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116099?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67480"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvrq-1xmh-43eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93062?format=json","vulnerability_id":"VCID-cx2g-7k39-9kc6","summary":"Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php.  This issue affects MediaWiki: before 1.42.6, 1.43.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32697","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50823","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50791","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50776","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50806","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50828","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697"},{"reference_url":"https://phabricator.wikimedia.org/T140010","reference_id":"T140010","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/"}],"url":"https://phabricator.wikimedia.org/T140010"},{"reference_url":"https://phabricator.wikimedia.org/T24521","reference_id":"T24521","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/"}],"url":"https://phabricator.wikimedia.org/T24521"},{"reference_url":"https://phabricator.wikimedia.org/T62109","reference_id":"T62109","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/"}],"url":"https://phabricator.wikimedia.org/T62109"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116097?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-32697"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cx2g-7k39-9kc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35760?format=json","vulnerability_id":"VCID-cz6q-73vy-tbcf","summary":"An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20270","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44973","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45006","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4501","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4499","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44961","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20270"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922136","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9w8r-397f-prfh","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w8r-397f-prfh"},{"reference_url":"https://github.com/pygments/pygments","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments"},{"reference_url":"https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-4889","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4889"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664","reference_id":"984664","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664"},{"reference_url":"https://security.archlinux.org/AVG-1662","reference_id":"AVG-1662","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1662"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20270","reference_id":"CVE-2021-20270","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20270"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3252","reference_id":"RHSA-2021:3252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4139","reference_id":"RHSA-2021:4139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4150","reference_id":"RHSA-2021:4150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4151","reference_id":"RHSA-2021:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4151"},{"reference_url":"https://usn.ubuntu.com/4885-1/","reference_id":"USN-4885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4885-1/"},{"reference_url":"https://usn.ubuntu.com/4897-2/","reference_id":"USN-4897-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4897-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-20270","GHSA-9w8r-397f-prfh","PYSEC-2021-140"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cz6q-73vy-tbcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92922?format=json","vulnerability_id":"VCID-db8z-ccab-cfec","summary":"MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4361","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38884","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38888","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3886","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38832","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38843","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434","reference_id":"650434","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116025?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-4361"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db8z-ccab-cfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93032?format=json","vulnerability_id":"VCID-dcfu-1hu2-9bh2","summary":"In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35475","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69615","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69655","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69653","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69642","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69662","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909224","reference_id":"1909224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909224"},{"reference_url":"https://security.archlinux.org/ASA-202101-22","reference_id":"ASA-202101-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-22"},{"reference_url":"https://security.archlinux.org/AVG-1371","reference_id":"AVG-1371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116063?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35475"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcfu-1hu2-9bh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92885?format=json","vulnerability_id":"VCID-ddfu-w99d-w7gw","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"sortable tables JavaScript.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0788","reference_id":"","reference_type":"","scores":[{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.6746","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67501","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67508","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67496","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67479","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67495","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0788"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2007-0788"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddfu-w99d-w7gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3545?format=json","vulnerability_id":"VCID-dej6-xxfh-2uej","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28203","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62183","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62126","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62176","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62174","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62173","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62158","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116076?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28203"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dej6-xxfh-2uej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92982?format=json","vulnerability_id":"VCID-dheh-1gke-sbgp","summary":"Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2939","reference_id":"","reference_type":"","scores":[{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61525","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61573","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.6158","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61569","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61553","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61572","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2939","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2939"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2939"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dheh-1gke-sbgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93023?format=json","vulnerability_id":"VCID-dm88-f754-pqfa","summary":"In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10960.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10960","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43364","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4333","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43403","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43413","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43355","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10960"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10960.yaml"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10960","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10960"},{"reference_url":"https://phabricator.wikimedia.org/T246602","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T246602"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826076","reference_id":"1826076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826076"},{"reference_url":"https://github.com/advisories/GHSA-pfm2-mqwj-ggm5","reference_id":"GHSA-pfm2-mqwj-ggm5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfm2-mqwj-ggm5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116059?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-10960","GHSA-pfm2-mqwj-ggm5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm88-f754-pqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93103?format=json","vulnerability_id":"VCID-dnka-4jmd-uudb","summary":"Vulnerability in Wikimedia Foundation MediaWiki.   This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php.    This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34095","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0866","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11217","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11211","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11177","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11097","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34095"},{"reference_url":"https://phabricator.wikimedia.org/T419192","reference_id":"T419192","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:03:59Z/"}],"url":"https://phabricator.wikimedia.org/T419192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34095"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnka-4jmd-uudb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43547?format=json","vulnerability_id":"VCID-dqvd-5d51-sbge","summary":"Mediawiki information disclosure vulnerability\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3238","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3813","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3813"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0504","reference_id":"","reference_type":"","scores":[{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81641","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81682","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81666","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"},{"reference_url":"https://phabricator.wikimedia.org/T187638","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T187638"},{"reference_url":"https://www.debian.org/security/2018/dsa-4301","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4301"},{"reference_url":"http://www.securitytracker.com/id/1041695","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041695"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634168","reference_id":"1634168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634168"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0504","reference_id":"CVE-2018-0504","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0504"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml","reference_id":"CVE-2018-0504.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hr8v-f4g2-p66f","reference_id":"GHSA-hr8v-f4g2-p66f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hr8v-f4g2-p66f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116055?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-0504","GHSA-hr8v-f4g2-p66f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqvd-5d51-sbge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92936?format=json","vulnerability_id":"VCID-ds2e-qzp9-r3hx","summary":"The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4885","reference_id":"","reference_type":"","scores":[{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.79105","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.79131","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.79137","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.79128","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.79116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.79134","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116030?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4885"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ds2e-qzp9-r3hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93029?format=json","vulnerability_id":"VCID-dsh9-aupc-6kce","summary":"An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25827","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47169","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47186","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47138","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47202","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47205","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47156","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25827","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25827"},{"reference_url":"https://phabricator.wikimedia.org/T251661","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T251661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903761","reference_id":"1903761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903761"},{"reference_url":"https://github.com/advisories/GHSA-rqvj-fc2x-99q6","reference_id":"GHSA-rqvj-fc2x-99q6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rqvj-fc2x-99q6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116062?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25827","GHSA-rqvj-fc2x-99q6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsh9-aupc-6kce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93025?format=json","vulnerability_id":"VCID-du3q-drv8-hkc7","summary":"An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25812","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59264","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59248","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59266","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59275","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59271","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59221","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828"},{"reference_url":"https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25812.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25812","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25812"},{"reference_url":"https://phabricator.wikimedia.org/T255918","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T255918"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903767","reference_id":"1903767","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903767"},{"reference_url":"https://github.com/advisories/GHSA-rj9p-8jxj-2ch4","reference_id":"GHSA-rj9p-8jxj-2ch4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj9p-8jxj-2ch4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116062?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25812","GHSA-rj9p-8jxj-2ch4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du3q-drv8-hkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93017?format=json","vulnerability_id":"VCID-e3pm-2tfy-qkaa","summary":"An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12472","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35461","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35508","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35491","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35529","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35568","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35557","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12472","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12472"},{"reference_url":"https://phabricator.wikimedia.org/T199540","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T199540"},{"reference_url":"https://github.com/advisories/GHSA-7mqg-5fgh-xh4r","reference_id":"GHSA-7mqg-5fgh-xh4r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7mqg-5fgh-xh4r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12472","GHSA-7mqg-5fgh-xh4r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3pm-2tfy-qkaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92991?format=json","vulnerability_id":"VCID-e499-jcv7-53fh","summary":"The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8002","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67264","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67272","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67256","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67239","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67255","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8002"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8002"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e499-jcv7-53fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92977?format=json","vulnerability_id":"VCID-e7fa-fjuj-wubd","summary":"MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2934","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2934"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2934"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7fa-fjuj-wubd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92970?format=json","vulnerability_id":"VCID-e8um-kuds-6bhc","summary":"The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9277","reference_id":"","reference_type":"","scores":[{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75417","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.7545","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.7544","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75427","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75453","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772764","reference_id":"772764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772764"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116048?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9277"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8um-kuds-6bhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93056?format=json","vulnerability_id":"VCID-ekvq-h9jn-eqft","summary":"An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45361","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40436","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40475","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40478","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4045","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40422","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45361"},{"reference_url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c","reference_id":"2a452b7e2562cba32b8a17bc91dc5abb531f0a1c","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:03Z/"}],"url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c"},{"reference_url":"https://phabricator.wikimedia.org/T340220","reference_id":"T340220","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:03Z/"}],"url":"https://phabricator.wikimedia.org/T340220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116080?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116082?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-45361"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekvq-h9jn-eqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93028?format=json","vulnerability_id":"VCID-er5f-3bhf-b7fy","summary":"An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25815","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60167","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60149","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60166","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60179","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60176","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60129","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815"},{"reference_url":"https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25815","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25815"},{"reference_url":"https://phabricator.wikimedia.org/T256171","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T256171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903759","reference_id":"1903759","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903759"},{"reference_url":"https://github.com/advisories/GHSA-2f58-vf6g-6p8x","reference_id":"GHSA-2f58-vf6g-6p8x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2f58-vf6g-6p8x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116062?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25815","GHSA-2f58-vf6g-6p8x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-er5f-3bhf-b7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3541?format=json","vulnerability_id":"VCID-ew3c-g4bd-kkeg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31090","reference_id":"","reference_type":"","scores":[{"value":"0.01842","scoring_system":"epss","scoring_elements":"0.83337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01842","scoring_system":"epss","scoring_elements":"0.83311","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01842","scoring_system":"epss","scoring_elements":"0.83339","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01842","scoring_system":"epss","scoring_elements":"0.83342","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01842","scoring_system":"epss","scoring_elements":"0.83328","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01842","scoring_system":"epss","scoring_elements":"0.83335","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml"},{"reference_url":"https://github.com/guzzle/guzzle","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/guzzle"},{"reference_url":"https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md"},{"reference_url":"https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md"},{"reference_url":"https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/"}],"url":"https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82"},{"reference_url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/"}],"url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31090","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31090"},{"reference_url":"https://security.gentoo.org/glsa/202305-24","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/"}],"url":"https://security.gentoo.org/glsa/202305-24"},{"reference_url":"https://www.debian.org/security/2022/dsa-5246","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/"}],"url":"https://www.debian.org/security/2022/dsa-5246"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492","reference_id":"1014492","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://github.com/advisories/GHSA-25mq-v84q-4j7r","reference_id":"GHSA-25mq-v84q-4j7r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25mq-v84q-4j7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116077?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-31090","GHSA-25mq-v84q-4j7r","GMS-2022-2528"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ew3c-g4bd-kkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92944?format=json","vulnerability_id":"VCID-exrg-sg43-yydr","summary":"Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2114","reference_id":"","reference_type":"","scores":[{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80749","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80776","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80778","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80774","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80771","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80791","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2114"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116035?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2114"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exrg-sg43-yydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92974?format=json","vulnerability_id":"VCID-exuu-h38n-vkf7","summary":"Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2931","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2931"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2931"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exuu-h38n-vkf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92888?format=json","vulnerability_id":"VCID-eyfm-vq6j-fufv","summary":"Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1054","reference_id":"","reference_type":"","scores":[{"value":"0.04807","scoring_system":"epss","scoring_elements":"0.89679","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04807","scoring_system":"epss","scoring_elements":"0.89696","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04807","scoring_system":"epss","scoring_elements":"0.89698","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04807","scoring_system":"epss","scoring_elements":"0.89697","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04807","scoring_system":"epss","scoring_elements":"0.89713","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1054"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238","reference_id":"406238","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116007?format=json","purl":"pkg:deb/debian/mediawiki@1.7.1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.7.1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2007-1054"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyfm-vq6j-fufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92954?format=json","vulnerability_id":"VCID-f41k-yj26-zue1","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6454","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55134","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55193","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.552","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55191","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55172","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116038?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6454"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f41k-yj26-zue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6584?format=json","vulnerability_id":"VCID-f51q-x4tn-z7dz","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0370.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0370","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46676","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46743","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46746","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46727","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46699","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46709","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0370"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569804","reference_id":"1569804","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569804"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0370"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f51q-x4tn-z7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92932?format=json","vulnerability_id":"VCID-fb37-pswr-k7hz","summary":"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4379","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62832","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62875","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62884","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62874","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.6286","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4379"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4379","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4379"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","reference_id":"686330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116029?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4379"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fb37-pswr-k7hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92971?format=json","vulnerability_id":"VCID-fgkw-7jsk-tqdv","summary":"Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9475","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37004","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37095","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37102","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3707","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37032","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37044","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9475"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773654","reference_id":"773654","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773654"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116049?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9475"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgkw-7jsk-tqdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93061?format=json","vulnerability_id":"VCID-fjvu-s2xb-fffu","summary":"Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php.  This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32696","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47995","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47948","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4796","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47991","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47977","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696"},{"reference_url":"https://phabricator.wikimedia.org/T304474","reference_id":"T304474","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:02Z/"}],"url":"https://phabricator.wikimedia.org/T304474"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116096?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116097?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-32696"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjvu-s2xb-fffu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92923?format=json","vulnerability_id":"VCID-fwn5-9py3-vfed","summary":"mediawiki allows deleted text to be exposed","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0046","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63354","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63361","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6335","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63337","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0046"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0046","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0046"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655694","reference_id":"655694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116026?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-0046"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwn5-9py3-vfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6590?format=json","vulnerability_id":"VCID-fx7d-43ha-eqbb","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0364.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0364","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42621","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42695","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42706","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42683","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42647","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42656","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0364"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569779","reference_id":"1569779","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569779"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0364"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fx7d-43ha-eqbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67914?format=json","vulnerability_id":"VCID-fzdj-736n-u7gk","summary":"MediaWiki: MediaWiki: Cross-site Scripting vulnerability due to improper input neutralization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67475","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00991","published_at":"2026-06-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00992","published_at":"2026-06-06T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00993","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436176","reference_id":"2436176","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436176"},{"reference_url":"https://phabricator.wikimedia.org/T406664","reference_id":"T406664","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:07Z/"}],"url":"https://phabricator.wikimedia.org/T406664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116099?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67475"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fzdj-736n-u7gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92858?format=json","vulnerability_id":"VCID-g6xn-zk18-b3hz","summary":"Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2152","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64632","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64674","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64683","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64672","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64662","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.6468","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2152"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-2152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xn-zk18-b3hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92955?format=json","vulnerability_id":"VCID-g7px-mnwk-d7hc","summary":"MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6472","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6117","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61218","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61226","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61212","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61194","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61214","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116038?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6472"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7px-mnwk-d7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92950?format=json","vulnerability_id":"VCID-gamp-ecmh-73fr","summary":"The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4572","reference_id":"","reference_type":"","scores":[{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79986","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.80012","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.80017","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.8001","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.8","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.8002","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629","reference_id":"729629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116037?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.8%2Bdfsg-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.8%252Bdfsg-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4572"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gamp-ecmh-73fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92939?format=json","vulnerability_id":"VCID-gc18-uxmu-9fg9","summary":"MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1817","reference_id":"","reference_type":"","scores":[{"value":"0.01553","scoring_system":"epss","scoring_elements":"0.81759","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01553","scoring_system":"epss","scoring_elements":"0.81794","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01553","scoring_system":"epss","scoring_elements":"0.81788","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01553","scoring_system":"epss","scoring_elements":"0.81803","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702305","reference_id":"702305","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702305"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116032?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1817"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gc18-uxmu-9fg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55948?format=json","vulnerability_id":"VCID-gdr4-xzsd-wyfg","summary":"Improper permissions handling in MediaWiki AbuseFilter\nAn issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47913","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.7211","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72121","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72096","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72132","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47913"},{"reference_url":"https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:52:26Z/"}],"url":"https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855"},{"reference_url":"https://github.com/wikimedia/mediawiki-extensions-AbuseFilter","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki-extensions-AbuseFilter"},{"reference_url":"https://phabricator.wikimedia.org/T372998","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:52:26Z/"}],"url":"https://phabricator.wikimedia.org/T372998"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47913","reference_id":"CVE-2024-47913","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47913"},{"reference_url":"https://github.com/advisories/GHSA-rmcp-9fhq-58pv","reference_id":"GHSA-rmcp-9fhq-58pv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmcp-9fhq-58pv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116087?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.10-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.10-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116088?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-47913","GHSA-rmcp-9fhq-58pv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdr4-xzsd-wyfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92984?format=json","vulnerability_id":"VCID-gmzk-pemq-13ee","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2941","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2941"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2941"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmzk-pemq-13ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93034?format=json","vulnerability_id":"VCID-gpny-nuuq-3bg5","summary":"MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35478","reference_id":"","reference_type":"","scores":[{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63768","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.6381","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63817","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63808","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63796","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63815","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909234","reference_id":"1909234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909234"},{"reference_url":"https://security.archlinux.org/ASA-202101-22","reference_id":"ASA-202101-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-22"},{"reference_url":"https://security.archlinux.org/AVG-1371","reference_id":"AVG-1371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116063?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35478"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gpny-nuuq-3bg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67920?format=json","vulnerability_id":"VCID-gvg5-r3d8-g3em","summary":"MediaWiki: MediaWiki: Cross-site scripting vulnerability allows information disclosure via improper input neutralization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61645.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61645.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61645","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00863","published_at":"2026-06-06T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00861","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0086","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61645"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436160","reference_id":"2436160","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436160"},{"reference_url":"https://phabricator.wikimedia.org/T403761","reference_id":"T403761","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:04:58Z/"}],"url":"https://phabricator.wikimedia.org/T403761"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61645"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvg5-r3d8-g3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92906?format=json","vulnerability_id":"VCID-gwny-6wx4-hqe5","summary":"thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1190.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1190","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44699","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44769","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44776","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44755","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44724","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44737","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1190"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1190","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=571926","reference_id":"571926","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=571926"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116019?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-1190"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwny-6wx4-hqe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92987?format=json","vulnerability_id":"VCID-gxy1-z6xq-wye1","summary":"The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6728","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36327","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36421","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36429","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36394","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36357","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36368","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-6728"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxy1-z6xq-wye1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93066?format=json","vulnerability_id":"VCID-h1hu-qm3a-cffg","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php.  This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3469","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58306","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58281","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.583","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58298","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58296","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469"},{"reference_url":"https://phabricator.wikimedia.org/T358689","reference_id":"T358689","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:28Z/"}],"url":"https://phabricator.wikimedia.org/T358689"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116096?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116097?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-3469"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h1hu-qm3a-cffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92996?format=json","vulnerability_id":"VCID-h4mn-k493-nuh8","summary":"The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8623","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31695","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31764","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31731","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31692","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3166","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31684","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8623"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8623"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4mn-k493-nuh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93042?format=json","vulnerability_id":"VCID-h4wz-bzqj-s7gb","summary":"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30157","reference_id":"","reference_type":"","scores":[{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.73134","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.73172","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.73178","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.7316","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.73147","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.73171","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946692","reference_id":"1946692","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946692"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30157"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4wz-bzqj-s7gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92889?format=json","vulnerability_id":"VCID-h8pe-d5pm-c7dv","summary":"Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter.  NOTE: this issue might be a duplicate of CVE-2007-0177.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1055","reference_id":"","reference_type":"","scores":[{"value":"0.02025","scoring_system":"epss","scoring_elements":"0.84097","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02025","scoring_system":"epss","scoring_elements":"0.84119","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02025","scoring_system":"epss","scoring_elements":"0.84122","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02025","scoring_system":"epss","scoring_elements":"0.84118","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02025","scoring_system":"epss","scoring_elements":"0.84107","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02025","scoring_system":"epss","scoring_elements":"0.8412","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238","reference_id":"406238","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116007?format=json","purl":"pkg:deb/debian/mediawiki@1.7.1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.7.1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2007-1055"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8pe-d5pm-c7dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6591?format=json","vulnerability_id":"VCID-hgq5-7w26-pkcg","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0363.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0363.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0363","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42621","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42695","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42706","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42683","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42647","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42656","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569749","reference_id":"1569749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569749"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0363"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgq5-7w26-pkcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92948?format=json","vulnerability_id":"VCID-hhc2-9w8w-vfd7","summary":"Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \\b (backspace) character in CSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4567","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64218","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64262","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.6427","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64259","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64248","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64268","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629","reference_id":"729629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116037?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.8%2Bdfsg-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.8%252Bdfsg-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4567"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhc2-9w8w-vfd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7083?format=json","vulnerability_id":"VCID-hhgt-f8k5-jqbc","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41799.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41799","reference_id":"","reference_type":"","scores":[{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.7935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.79377","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.79382","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.79375","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.79365","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.79384","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2009511","reference_id":"2009511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2009511"},{"reference_url":"https://security.archlinux.org/AVG-2434","reference_id":"AVG-2434","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116071?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116072?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-41799"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhgt-f8k5-jqbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93007?format=json","vulnerability_id":"VCID-hjfw-spqw-xfay","summary":"MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6336","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28116","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28187","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28137","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28097","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28053","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28057","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116051?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6336"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjfw-spqw-xfay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92934?format=json","vulnerability_id":"VCID-hs5g-aaxk-abba","summary":"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4381","reference_id":"","reference_type":"","scores":[{"value":"0.03103","scoring_system":"epss","scoring_elements":"0.87052","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03103","scoring_system":"epss","scoring_elements":"0.87075","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03103","scoring_system":"epss","scoring_elements":"0.87073","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03103","scoring_system":"epss","scoring_elements":"0.87067","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03103","scoring_system":"epss","scoring_elements":"0.87061","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4381"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","reference_id":"686330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116029?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4381"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5g-aaxk-abba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92992?format=json","vulnerability_id":"VCID-huku-uuhw-2fgp","summary":"MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8003","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67264","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67272","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67256","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67239","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67255","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8003"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huku-uuhw-2fgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67930?format=json","vulnerability_id":"VCID-j77y-8ckn-e3gy","summary":"MediaWiki: MediaWiki: Information disclosure via block list handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6927.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6927","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.094","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09428","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09368","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09425","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09442","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436108","reference_id":"2436108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436108"},{"reference_url":"https://phabricator.wikimedia.org/T397595","reference_id":"T397595","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:12:43Z/"}],"url":"https://phabricator.wikimedia.org/T397595"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6927"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j77y-8ckn-e3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92884?format=json","vulnerability_id":"VCID-jbj2-58dq-jyab","summary":"Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0177","reference_id":"","reference_type":"","scores":[{"value":"0.216","scoring_system":"epss","scoring_elements":"0.95831","published_at":"2026-06-04T12:55:00Z"},{"value":"0.216","scoring_system":"epss","scoring_elements":"0.95836","published_at":"2026-06-05T12:55:00Z"},{"value":"0.216","scoring_system":"epss","scoring_elements":"0.95839","published_at":"2026-06-08T12:55:00Z"},{"value":"0.216","scoring_system":"epss","scoring_elements":"0.95843","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0177"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238","reference_id":"406238","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29404.txt","reference_id":"CVE-2007-0177;OSVDB-31525","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/29404.txt"},{"reference_url":"https://www.securityfocus.com/bid/21956/info","reference_id":"CVE-2007-0177;OSVDB-31525","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/21956/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116005?format=json","purl":"pkg:deb/debian/mediawiki@1.7.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.7.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2007-0177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbj2-58dq-jyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92902?format=json","vulnerability_id":"VCID-jcdf-9t8c-s3hy","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0737.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0737","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.6736","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67401","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67408","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67396","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.6738","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67395","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0737"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=487489","reference_id":"487489","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=487489"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514547","reference_id":"514547","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514547"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116016?format=json","purl":"pkg:deb/debian/mediawiki@1:1.14.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.14.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2009-0737"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcdf-9t8c-s3hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93060?format=json","vulnerability_id":"VCID-jek1-hsjz-8qhy","summary":"Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32072","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64698","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64692","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64701","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.6469","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64679","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072"},{"reference_url":"https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134","reference_id":"1120134","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/"}],"url":"https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134"},{"reference_url":"https://phabricator.wikimedia.org/T386175","reference_id":"T386175","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-11T16:39:44Z/"}],"url":"https://phabricator.wikimedia.org/T386175"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116095?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-32072"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jek1-hsjz-8qhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93074?format=json","vulnerability_id":"VCID-jjmb-zfaj-rfeb","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js.  This issue affects MediaWiki: from * before > fb856ce9cf121e046305116852cca4899ecb48ca.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61644","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24423","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2431","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2432","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24442","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24369","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61644"},{"reference_url":"https://phabricator.wikimedia.org/T403411","reference_id":"T403411","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:03:52Z/"}],"url":"https://phabricator.wikimedia.org/T403411"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61644"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjmb-zfaj-rfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92962?format=json","vulnerability_id":"VCID-jqrt-mauu-pyck","summary":"Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.","references":[{"reference_url":"http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2853","reference_id":"","reference_type":"","scores":[{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64175","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.6419","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64195","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64188","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64198","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2853"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091967","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091967"},{"reference_url":"https://bugzilla.wikimedia.org/show_bug.cgi?id=63251","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.wikimedia.org/show_bug.cgi?id=63251"},{"reference_url":"http://secunia.com/advisories/58262","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58262"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2853","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2853"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5"},{"reference_url":"http://www.securityfocus.com/bid/67068","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67068"},{"reference_url":"http://www.securitytracker.com/id/1030161","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030161"},{"reference_url":"https://github.com/advisories/GHSA-6h86-9r5g-f2h5","reference_id":"GHSA-6h86-9r5g-f2h5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h86-9r5g-f2h5"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-2853","GHSA-6h86-9r5g-f2h5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqrt-mauu-pyck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44029?format=json","vulnerability_id":"VCID-jrkr-nf43-6fa9","summary":"Mediawiki tarball is missing .htaccess files\nMediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13258","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33134","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.332","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33181","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33213","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33251","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33236","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13258"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"},{"reference_url":"https://phabricator.wikimedia.org/T199029","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T199029"},{"reference_url":"http://www.securitytracker.com/id/1041695","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041695"},{"reference_url":"https://security.archlinux.org/ASA-201809-5","reference_id":"ASA-201809-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-5"},{"reference_url":"https://security.archlinux.org/AVG-765","reference_id":"AVG-765","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-765"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13258","reference_id":"CVE-2018-13258","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13258"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-13258.yaml","reference_id":"CVE-2018-13258.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-13258.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2c28-7gwv-cpgf","reference_id":"GHSA-2c28-7gwv-cpgf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2c28-7gwv-cpgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-13258","GHSA-2c28-7gwv-cpgf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrkr-nf43-6fa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92916?format=json","vulnerability_id":"VCID-ju48-2eaz-1yer","summary":"The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \\2f\\2a and \\2a\\2f hex strings to surround CSS comments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1579","reference_id":"","reference_type":"","scores":[{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76518","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76547","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76553","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76542","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76532","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76554","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1579","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1579"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116024?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-1579"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ju48-2eaz-1yer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92860?format=json","vulnerability_id":"VCID-jv3j-vaa1-5bck","summary":"Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2185","reference_id":"","reference_type":"","scores":[{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.83989","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84012","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84015","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.8401","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.84001","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2185"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-2185"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jv3j-vaa1-5bck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93083?format=json","vulnerability_id":"VCID-jv7t-v8fb-v7ar","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php.  This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6590","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02539","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02466","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02426","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02538","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02482","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6590"},{"reference_url":"https://phabricator.wikimedia.org/T392746","reference_id":"T392746","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:11:34Z/"}],"url":"https://phabricator.wikimedia.org/T392746"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6590"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jv7t-v8fb-v7ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3538?format=json","vulnerability_id":"VCID-k4fj-z694-rygn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34912.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34912","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70009","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.7005","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70059","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70041","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.7003","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70054","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112772","reference_id":"2112772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112772"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116077?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-34912"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4fj-z694-rygn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92978?format=json","vulnerability_id":"VCID-k8kc-u38c-v3cf","summary":"MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by \"@imporT.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2935","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5352","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53579","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53587","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53574","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5355","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2935"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2935"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2935"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8kc-u38c-v3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93091?format=json","vulnerability_id":"VCID-kg6z-m8yw-2fe6","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js.  This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67481","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00847","published_at":"2026-06-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00848","published_at":"2026-06-06T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00845","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00844","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67481"},{"reference_url":"https://phabricator.wikimedia.org/T251032","reference_id":"T251032","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:13Z/"}],"url":"https://phabricator.wikimedia.org/T251032"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116099?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67481"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kg6z-m8yw-2fe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92870?format=json","vulnerability_id":"VCID-kncu-qynv-2ybk","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2215","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57524","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57533","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57523","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57511","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57529","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2215"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-2215"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kncu-qynv-2ybk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67913?format=json","vulnerability_id":"VCID-kqjs-yqk1-zqgg","summary":"MediaWiki: MediaWiki: Vulnerability in ApiFormatXml.Php requiring high privileges","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67484","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11467","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11534","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11454","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11573","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11569","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436190","reference_id":"2436190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436190"},{"reference_url":"https://phabricator.wikimedia.org/T401995","reference_id":"T401995","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:02:03Z/"}],"url":"https://phabricator.wikimedia.org/T401995"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116099?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67484"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqjs-yqk1-zqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92910?format=json","vulnerability_id":"VCID-kyg1-un3s-97bd","summary":"Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2788","reference_id":"","reference_type":"","scores":[{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.7194","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.7198","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71988","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71966","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71951","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71976","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2788"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590669","reference_id":"590669","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590669"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116021?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-2788"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyg1-un3s-97bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93084?format=json","vulnerability_id":"VCID-kz5b-pwk5-duej","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php.  This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6591","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02613","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02543","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02506","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02611","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02558","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6591"},{"reference_url":"https://phabricator.wikimedia.org/T392276","reference_id":"T392276","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T15:32:29Z/"}],"url":"https://phabricator.wikimedia.org/T392276"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6591"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kz5b-pwk5-duej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92307?format=json","vulnerability_id":"VCID-m6dk-fr2r-p7bp","summary":"mediawiki: diff-multi-sameuser (\"X intermediate revisions by the same user not shown\") ignores username suppression","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45362","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60589","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60596","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60584","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60567","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60582","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247805","reference_id":"2247805","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247805"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116081?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116080?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116082?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-45362"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6dk-fr2r-p7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93006?format=json","vulnerability_id":"VCID-m775-k7ve-myfh","summary":"MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6335","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50927","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50988","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50994","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50973","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50944","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50961","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116051?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6335"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m775-k7ve-myfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93041?format=json","vulnerability_id":"VCID-mae3-qd9e-yqct","summary":"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a \"hidden\" user exists.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30156.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30156.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30156","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40727","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40805","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4081","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4078","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4075","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40762","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30156"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948643","reference_id":"1948643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948643"},{"reference_url":"https://security.archlinux.org/AVG-1791","reference_id":"AVG-1791","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1791"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30156"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mae3-qd9e-yqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93008?format=json","vulnerability_id":"VCID-mra3-5379-hkbr","summary":"MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6337","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56926","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56977","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56984","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56971","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56957","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56975","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6337"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116051?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6337"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mra3-5379-hkbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92917?format=json","vulnerability_id":"VCID-msjb-y8hc-j3a1","summary":"The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1580","reference_id":"","reference_type":"","scores":[{"value":"0.00602","scoring_system":"epss","scoring_elements":"0.69905","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00602","scoring_system":"epss","scoring_elements":"0.69945","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00602","scoring_system":"epss","scoring_elements":"0.69953","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00602","scoring_system":"epss","scoring_elements":"0.6994","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00602","scoring_system":"epss","scoring_elements":"0.69928","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00602","scoring_system":"epss","scoring_elements":"0.69951","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1580"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116024?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-1580"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msjb-y8hc-j3a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67917?format=json","vulnerability_id":"VCID-mw5u-gf9m-mudv","summary":"MediaWiki: MediaWiki: Vulnerability in parsing and sanitization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67479","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02539","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02466","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02426","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02538","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02482","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436184","reference_id":"2436184","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436184"},{"reference_url":"https://phabricator.wikimedia.org/T407131","reference_id":"T407131","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:19Z/"}],"url":"https://phabricator.wikimedia.org/T407131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116099?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67479"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mw5u-gf9m-mudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93071?format=json","vulnerability_id":"VCID-mwex-t59f-t3fc","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php.  This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61639","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00907","published_at":"2026-06-06T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00905","published_at":"2026-06-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00906","published_at":"2026-06-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00909","published_at":"2026-06-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00908","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61639"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639"},{"reference_url":"https://phabricator.wikimedia.org/T280413","reference_id":"T280413","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:10:07Z/"}],"url":"https://phabricator.wikimedia.org/T280413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61639"],"risk_score":0.5,"exploitability":"0.5","weighted_severity":"1.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwex-t59f-t3fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92958?format=json","vulnerability_id":"VCID-mymv-p7cc-8yav","summary":"includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2242","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66332","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66341","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66326","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66312","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.6633","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116041?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-2242"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mymv-p7cc-8yav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92913?format=json","vulnerability_id":"VCID-mywc-amb5-jfc4","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka \"CSS injection vulnerability.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0047","reference_id":"","reference_type":"","scores":[{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75007","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75037","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75041","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75033","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75019","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00836","scoring_system":"epss","scoring_elements":"0.75045","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0047"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611787","reference_id":"611787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611787"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116023?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-0047"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mywc-amb5-jfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92928?format=json","vulnerability_id":"VCID-n2k5-yut9-rfec","summary":"Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1582","reference_id":"","reference_type":"","scores":[{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71007","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71049","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71056","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71039","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71024","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.7105","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1582"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1582","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1582"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666269","reference_id":"666269","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666269"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116027?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-1582"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2k5-yut9-rfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92898?format=json","vulnerability_id":"VCID-n95m-rbx3-hqf4","summary":"Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5252","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61858","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61907","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61914","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61903","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61888","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61904","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5252","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5252"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508870","reference_id":"508870","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508870"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116013?format=json","purl":"pkg:deb/debian/mediawiki@1:1.13.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.13.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-5252"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n95m-rbx3-hqf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67918?format=json","vulnerability_id":"VCID-n9dx-nv1y-suap","summary":"MediaWiki: MediaWiki: Cross-site Scripting (XSS) vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11261.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11261","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00364","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00367","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00369","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00365","published_at":"2026-06-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00363","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11261"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436168","reference_id":"2436168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436168"},{"reference_url":"https://phabricator.wikimedia.org/T402077","reference_id":"T402077","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:05Z/"}],"url":"https://phabricator.wikimedia.org/T402077"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-11261"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9dx-nv1y-suap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93081?format=json","vulnerability_id":"VCID-n9yh-kj1p-p7du","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js.  This issue affects Vector: from * before 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61657","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17383","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17399","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17503","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17463","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61657"},{"reference_url":"https://phabricator.wikimedia.org/T398636","reference_id":"T398636","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:09Z/"}],"url":"https://phabricator.wikimedia.org/T398636"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61657"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9yh-kj1p-p7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46170?format=json","vulnerability_id":"VCID-najx-n63u-tqf5","summary":"MediaWiki Denial of Service vulnerability\nAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45363","reference_id":"","reference_type":"","scores":[{"value":"0.11025","scoring_system":"epss","scoring_elements":"0.93589","published_at":"2026-06-09T12:55:00Z"},{"value":"0.11025","scoring_system":"epss","scoring_elements":"0.93582","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11025","scoring_system":"epss","scoring_elements":"0.93584","published_at":"2026-06-05T12:55:00Z"},{"value":"0.11025","scoring_system":"epss","scoring_elements":"0.93585","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"},{"reference_url":"https://phabricator.wikimedia.org/T333050","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/"}],"url":"https://phabricator.wikimedia.org/T333050"},{"reference_url":"https://www.debian.org/security/2023/dsa-5520","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/"}],"url":"https://www.debian.org/security/2023/dsa-5520"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45363","reference_id":"CVE-2023-45363","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45363"},{"reference_url":"https://github.com/advisories/GHSA-w5fx-cx7f-6vr9","reference_id":"GHSA-w5fx-cx7f-6vr9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w5fx-cx7f-6vr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116081?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116080?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116082?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-45363","GHSA-w5fx-cx7f-6vr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-najx-n63u-tqf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93045?format=json","vulnerability_id":"VCID-ndrs-479w-x3gr","summary":"An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30458","reference_id":"","reference_type":"","scores":[{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59161","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59177","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59134","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59182","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59186","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59179","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30458"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/wikimedia/parsoid/CVE-2021-30458.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki-services-parsoid","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki-services-parsoid"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30458","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30458"},{"reference_url":"https://phabricator.wikimedia.org/T279451","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T279451"},{"reference_url":"https://security.gentoo.org/glsa/202107-40","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-40"},{"reference_url":"https://www.mediawiki.org/wiki/Parsoid","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Parsoid"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"},{"reference_url":"https://github.com/advisories/GHSA-5pqx-77vf-85rw","reference_id":"GHSA-5pqx-77vf-85rw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5pqx-77vf-85rw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30458","GHSA-5pqx-77vf-85rw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndrs-479w-x3gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92908?format=json","vulnerability_id":"VCID-ngfg-ek8p-m7fy","summary":"Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1648","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31137","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31204","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31171","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31136","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31104","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31127","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1648","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585918","reference_id":"585918","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585918"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116020?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-1648"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngfg-ek8p-m7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92874?format=json","vulnerability_id":"VCID-ntjq-mrga-tkhk","summary":"Unspecified vulnerability in \"edit submission handling\" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3166","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.746","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74631","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74625","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74607","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74634","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3166"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332408","reference_id":"332408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115998?format=json","purl":"pkg:deb/debian/mediawiki@1.4.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-3166"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntjq-mrga-tkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92896?format=json","vulnerability_id":"VCID-nvw7-6dkp-t7ca","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5249","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6358","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63623","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6363","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63621","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6361","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63629","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5249"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5249","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5249"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508868","reference_id":"508868","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116013?format=json","purl":"pkg:deb/debian/mediawiki@1:1.13.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.13.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-5249"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvw7-6dkp-t7ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92968?format=json","vulnerability_id":"VCID-nzgd-bwa8-7ugr","summary":"The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7295","reference_id":"","reference_type":"","scores":[{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47022","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47087","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.4709","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47072","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47043","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47054","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7295"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116047?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-7295"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzgd-bwa8-7ugr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93027?format=json","vulnerability_id":"VCID-p39b-8e53-tfgj","summary":"In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href =\"javascript... that executes when clicked.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25814","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56736","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56703","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56762","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56755","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.5675","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25814","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25814"},{"reference_url":"https://phabricator.wikimedia.org/T86738","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T86738"},{"reference_url":"https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903774","reference_id":"1903774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903774"},{"reference_url":"https://github.com/advisories/GHSA-4vr7-m8p8-434h","reference_id":"GHSA-4vr7-m8p8-434h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vr7-m8p8-434h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116062?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25814","GHSA-4vr7-m8p8-434h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p39b-8e53-tfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93097?format=json","vulnerability_id":"VCID-ped5-3kh7-e7eq","summary":"Vulnerability in Wikimedia Foundation Scribunto.  This issue affects Scribunto: from 1.45.0 before 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34089","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16742","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16622","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16639","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16746","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16704","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34089"},{"reference_url":"https://phabricator.wikimedia.org/T419168","reference_id":"T419168","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:02Z/"}],"url":"https://phabricator.wikimedia.org/T419168"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34089"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ped5-3kh7-e7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92925?format=json","vulnerability_id":"VCID-pg9r-hhha-uycj","summary":"The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1579","reference_id":"","reference_type":"","scores":[{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.69204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.69243","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.69252","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.69228","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.69248","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1579"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-1579"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pg9r-hhha-uycj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92915?format=json","vulnerability_id":"VCID-pjwg-6p38-u7ev","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1578","reference_id":"","reference_type":"","scores":[{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.7268","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72718","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72726","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72708","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72695","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72719","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1578","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1578"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116024?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-1578"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjwg-6p38-u7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6589?format=json","vulnerability_id":"VCID-pm1e-1y2c-qqea","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0365.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0365","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53866","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53923","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53896","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53931","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53919","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569782","reference_id":"1569782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569782"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0365"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pm1e-1y2c-qqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93050?format=json","vulnerability_id":"VCID-pt15-zz85-gufg","summary":"An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41766","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29578","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.413","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46658","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46685","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47899","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41766"},{"reference_url":"https://phabricator.wikimedia.org/T307278","reference_id":"T307278","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T15:23:19Z/"}],"url":"https://phabricator.wikimedia.org/T307278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-41766"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt15-zz85-gufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92981?format=json","vulnerability_id":"VCID-pujm-sggj-3ybq","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2938","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2938"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2938","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2938"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116050?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.20%2Bdfsg-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.20%252Bdfsg-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2938"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pujm-sggj-3ybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92935?format=json","vulnerability_id":"VCID-pxg3-ugyv-aubu","summary":"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4382","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52475","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52534","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52543","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52523","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52496","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","reference_id":"686330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116029?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4382"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxg3-ugyv-aubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93026?format=json","vulnerability_id":"VCID-q1rw-mxdb-gbe7","summary":"In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25813","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58889","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58934","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58918","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58936","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58942","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58933","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"},{"reference_url":"https://meta.wikimedia.org/wiki/Special:UserRights","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://meta.wikimedia.org/wiki/Special:UserRights"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25813","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25813"},{"reference_url":"https://phabricator.wikimedia.org/T232568","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T232568"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903764","reference_id":"1903764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903764"},{"reference_url":"https://github.com/advisories/GHSA-c4rj-wrmq-52rj","reference_id":"GHSA-c4rj-wrmq-52rj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4rj-wrmq-52rj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116062?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25813","GHSA-c4rj-wrmq-52rj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1rw-mxdb-gbe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92999?format=json","vulnerability_id":"VCID-q3du-m57c-suc2","summary":"The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8626","reference_id":"","reference_type":"","scores":[{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.70998","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.7104","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71047","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.7103","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71015","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71041","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8626"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8626"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3du-m57c-suc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92924?format=json","vulnerability_id":"VCID-q5wv-4dcb-m7dr","summary":"Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1578","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53899","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53907","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53895","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53872","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1578"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-1578"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wv-4dcb-m7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92861?format=json","vulnerability_id":"VCID-q7kn-2q5e-ryds","summary":"SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2186","reference_id":"","reference_type":"","scores":[{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.6298","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62989","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62979","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62965","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62983","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2186"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-2186"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7kn-2q5e-ryds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3547?format=json","vulnerability_id":"VCID-q89t-z7us-47h5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44856.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44856","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37511","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37576","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37604","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37607","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.3755","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37537","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156326","reference_id":"2156326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156326"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://phabricator.wikimedia.org/T271037","reference_id":"T271037","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:49:08Z/"}],"url":"https://phabricator.wikimedia.org/T271037"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116073?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-44856"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q89t-z7us-47h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92929?format=json","vulnerability_id":"VCID-qa16-qan2-3bep","summary":"Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2698","reference_id":"","reference_type":"","scores":[{"value":"0.15327","scoring_system":"epss","scoring_elements":"0.94756","published_at":"2026-06-04T12:55:00Z"},{"value":"0.15327","scoring_system":"epss","scoring_elements":"0.94765","published_at":"2026-06-05T12:55:00Z"},{"value":"0.15327","scoring_system":"epss","scoring_elements":"0.94766","published_at":"2026-06-06T12:55:00Z"},{"value":"0.15327","scoring_system":"epss","scoring_elements":"0.94768","published_at":"2026-06-08T12:55:00Z"},{"value":"0.15327","scoring_system":"epss","scoring_elements":"0.94773","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2698"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/37404.txt","reference_id":"CVE-2012-2698;OSVDB-82983","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/37404.txt"},{"reference_url":"https://www.securityfocus.com/bid/53998/info","reference_id":"CVE-2012-2698;OSVDB-82983","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/53998/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116028?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-2698"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qa16-qan2-3bep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35751?format=json","vulnerability_id":"VCID-qa6e-abwc-47a4","summary":"In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27291","reference_id":"","reference_type":"","scores":[{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87655","published_at":"2026-06-05T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87634","published_at":"2026-06-04T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87657","published_at":"2026-06-06T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87668","published_at":"2026-06-09T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87656","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce"},{"reference_url":"https://github.com/advisories/GHSA-pq64-v7f5-gqh8","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pq64-v7f5-gqh8"},{"reference_url":"https://github.com/pygments/pygments","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments"},{"reference_url":"https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4878","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4878"},{"reference_url":"https://www.debian.org/security/2021/dsa-4889","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4889"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1940603","reference_id":"1940603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1940603"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574","reference_id":"985574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574"},{"reference_url":"https://security.archlinux.org/AVG-1662","reference_id":"AVG-1662","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1662"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27291","reference_id":"CVE-2021-27291","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3252","reference_id":"RHSA-2021:3252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4139","reference_id":"RHSA-2021:4139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4150","reference_id":"RHSA-2021:4150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4151","reference_id":"RHSA-2021:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4151"},{"reference_url":"https://usn.ubuntu.com/4897-1/","reference_id":"USN-4897-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4897-1/"},{"reference_url":"https://usn.ubuntu.com/4897-2/","reference_id":"USN-4897-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4897-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-27291","GHSA-pq64-v7f5-gqh8","PYSEC-2021-141"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qa6e-abwc-47a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93044?format=json","vulnerability_id":"VCID-qe1k-75h8-9ydc","summary":"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain \"fast double move\" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30159","reference_id":"","reference_type":"","scores":[{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.75599","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.75627","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.7563","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.7562","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.75607","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.75633","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948638","reference_id":"1948638","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1948638"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30159"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qe1k-75h8-9ydc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90528?format=json","vulnerability_id":"VCID-qhbg-v9hk-rfcx","summary":"mediawiki: cross-site scripting","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34507.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34507.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34507","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63621","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63614","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63622","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63613","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63601","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34507"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279229","reference_id":"2279229","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279229"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/","reference_id":"FU2FGUXXK6TMV6R52VRECLC6XCSQQISY","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-07T19:15:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"},{"reference_url":"https://phabricator.wikimedia.org/T355538","reference_id":"T355538","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-07T19:15:00Z/"}],"url":"https://phabricator.wikimedia.org/T355538"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116083?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.7-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.7-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116086?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-34507"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhbg-v9hk-rfcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90529?format=json","vulnerability_id":"VCID-qhzw-mww2-xbcf","summary":"mediawiki: denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34506","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38092","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3814","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38144","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38116","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38082","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34506"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279231","reference_id":"2279231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279231"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/","reference_id":"FU2FGUXXK6TMV6R52VRECLC6XCSQQISY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"},{"reference_url":"https://phabricator.wikimedia.org/T357760","reference_id":"T357760","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-06T14:48:08Z/"}],"url":"https://phabricator.wikimedia.org/T357760"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116083?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.7-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.7-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116086?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-34506"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhzw-mww2-xbcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93076?format=json","vulnerability_id":"VCID-qn7m-wqy6-q7hu","summary":"Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61652","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35603","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35526","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35543","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35592","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35565","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61652"},{"reference_url":"https://phabricator.wikimedia.org/T397580","reference_id":"T397580","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T20:57:48Z/"}],"url":"https://phabricator.wikimedia.org/T397580"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61652"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn7m-wqy6-q7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93096?format=json","vulnerability_id":"VCID-qpyg-4cts-z3gz","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.  This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34088","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12568","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16364","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16363","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1632","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16239","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34088"},{"reference_url":"https://phabricator.wikimedia.org/T410429","reference_id":"T410429","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:U/RE:M"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:03:25Z/"}],"url":"https://phabricator.wikimedia.org/T410429"},{"reference_url":"https://usn.ubuntu.com/8315-1/","reference_id":"USN-8315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8315-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34088"],"risk_score":0.4,"exploitability":"0.5","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpyg-4cts-z3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92921?format=json","vulnerability_id":"VCID-r1p9-dark-rqd2","summary":"MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4360","reference_id":"","reference_type":"","scores":[{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70071","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70111","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.7012","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70103","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70091","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70114","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4360"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434","reference_id":"650434","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116025?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-4360"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1p9-dark-rqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7277?format=json","vulnerability_id":"VCID-r3b5-7t8m-rff6","summary":"access restriction bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35197","reference_id":"","reference_type":"","scores":[{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.73051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.73089","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.73064","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.73094","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.73077","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980308","reference_id":"1980308","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980308"},{"reference_url":"https://security.archlinux.org/ASA-202107-7","reference_id":"ASA-202107-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-7"},{"reference_url":"https://security.archlinux.org/AVG-2093","reference_id":"AVG-2093","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116070?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116071?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-35197"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3b5-7t8m-rff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93098?format=json","vulnerability_id":"VCID-rd4c-z8s3-mudn","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.  This issue affects CheckUser: from 1.45.0 before 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34090","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1054","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10562","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10639","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10625","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34090"},{"reference_url":"https://phabricator.wikimedia.org/T411366","reference_id":"T411366","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/R:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:51:24Z/"}],"url":"https://phabricator.wikimedia.org/T411366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34090"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4c-z8s3-mudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93068?format=json","vulnerability_id":"VCID-rfm9-xs4j-puep","summary":"Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php.  This issue affects ConfirmEdit: *.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61635","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05253","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05206","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0525","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05268","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05245","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635"},{"reference_url":"https://phabricator.wikimedia.org/T355073","reference_id":"T355073","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:13:27Z/"}],"url":"https://phabricator.wikimedia.org/T355073"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61635"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfm9-xs4j-puep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93004?format=json","vulnerability_id":"VCID-rjd1-q7zd-jqac","summary":"Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6333","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56561","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56614","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56621","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56609","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56594","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56613","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116051?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6333"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjd1-q7zd-jqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93013?format=json","vulnerability_id":"VCID-rm5w-m3u5-s3en","summary":"An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12468","reference_id":"","reference_type":"","scores":[{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66686","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66721","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66704","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.6672","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66734","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66727","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-announce","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12468","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12468"},{"reference_url":"https://phabricator.wikimedia.org/T197279","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T197279"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-wrhx-3pxr-6vgg","reference_id":"GHSA-wrhx-3pxr-6vgg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrhx-3pxr-6vgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12468","GHSA-wrhx-3pxr-6vgg"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm5w-m3u5-s3en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93001?format=json","vulnerability_id":"VCID-rnww-9mvs-7fes","summary":"The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8628","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63188","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63232","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6324","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6323","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63216","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63234","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8628"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnww-9mvs-7fes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93063?format=json","vulnerability_id":"VCID-rr4q-4ty2-xuey","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php.  This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32698","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62228","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62202","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62218","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.6222","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62217","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698"},{"reference_url":"https://phabricator.wikimedia.org/T385958","reference_id":"T385958","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:51:46Z/"}],"url":"https://phabricator.wikimedia.org/T385958"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116096?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.12-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116097?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-32698"],"risk_score":0.7,"exploitability":"0.5","weighted_severity":"1.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rr4q-4ty2-xuey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92886?format=json","vulnerability_id":"VCID-rs7r-5c6j-zqda","summary":"MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0894","reference_id":"","reference_type":"","scores":[{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78429","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78456","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78465","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78454","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78442","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.7846","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0894"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116006?format=json","purl":"pkg:deb/debian/mediawiki@1:1.10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2007-0894"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rs7r-5c6j-zqda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92966?format=json","vulnerability_id":"VCID-rssx-5uc4-qbbu","summary":"MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5243","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59011","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59055","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59039","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59056","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61559","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5243"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510","reference_id":"758510","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116045?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.18%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.18%252Bdfsg-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-5243"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rssx-5uc4-qbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93048?format=json","vulnerability_id":"VCID-rxst-wxgk-8ybx","summary":"An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45038","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53617","published_at":"2026-06-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53674","published_at":"2026-06-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53683","published_at":"2026-06-06T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53671","published_at":"2026-06-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53647","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036704","reference_id":"2036704","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036704"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116075?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116073?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45038"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxst-wxgk-8ybx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93047?format=json","vulnerability_id":"VCID-s2jn-ucd4-xkgg","summary":"An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44858.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44858","reference_id":"","reference_type":"","scores":[{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60317","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60364","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60367","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60355","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60338","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60354","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45038"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036698","reference_id":"2036698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036698"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116075?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116073?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-44858"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2jn-ucd4-xkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93057?format=json","vulnerability_id":"VCID-sbnd-dssm-2bf3","summary":"An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45364","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30187","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30126","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3014","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30223","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30156","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45364"},{"reference_url":"https://phabricator.wikimedia.org/T264765","reference_id":"T264765","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:46Z/"}],"url":"https://phabricator.wikimedia.org/T264765"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116080?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116082?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-45364"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbnd-dssm-2bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92875?format=json","vulnerability_id":"VCID-sezq-vpju-ykhq","summary":"Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3167","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64579","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64621","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.6463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64619","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64609","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64627","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3167"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332408","reference_id":"332408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115998?format=json","purl":"pkg:deb/debian/mediawiki@1.4.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-3167"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sezq-vpju-ykhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92927?format=json","vulnerability_id":"VCID-sftu-c9j5-2qh6","summary":"MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1581","reference_id":"","reference_type":"","scores":[{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67941","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67981","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67988","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67978","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.67965","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00539","scoring_system":"epss","scoring_elements":"0.6798","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1581"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666269","reference_id":"666269","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666269"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116027?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-1581"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sftu-c9j5-2qh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92989?format=json","vulnerability_id":"VCID-spuj-u723-eqhb","summary":"Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to \"ForeignAPI images.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6730","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6730"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-6730"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spuj-u723-eqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93005?format=json","vulnerability_id":"VCID-sq7u-1g6k-g3ft","summary":"Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6334","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44697","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44767","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44773","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44752","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44721","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44734","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116051?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6334"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sq7u-1g6k-g3ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92937?format=json","vulnerability_id":"VCID-svan-57dn-c7gz","summary":"Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5391","reference_id":"","reference_type":"","scores":[{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73702","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73705","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73691","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73677","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73703","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5391"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998","reference_id":"694998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116031?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-5391"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svan-57dn-c7gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92890?format=json","vulnerability_id":"VCID-sw4d-hj5g-dybr","summary":"Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4828","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67849","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67888","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67895","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67885","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67872","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67887","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4828"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442255","reference_id":"442255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442255"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116009?format=json","purl":"pkg:deb/debian/mediawiki@1.10.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.10.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2007-4828"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sw4d-hj5g-dybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92988?format=json","vulnerability_id":"VCID-t1jc-55fv-9fec","summary":"Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6729","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5174","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51708","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6729"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-6729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1jc-55fv-9fec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92872?format=json","vulnerability_id":"VCID-t1zp-meg5-mfdq","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2396","reference_id":"","reference_type":"","scores":[{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.70223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.70265","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.70274","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.70256","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.70246","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.70269","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-2396"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1zp-meg5-mfdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92951?format=json","vulnerability_id":"VCID-t614-d2cj-nufy","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6451","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53693","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.5376","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53748","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53724","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53747","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6451"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116038?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6451"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t614-d2cj-nufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92857?format=json","vulnerability_id":"VCID-t9sx-qc9r-9yan","summary":"MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1405","reference_id":"","reference_type":"","scores":[{"value":"0.12046","scoring_system":"epss","scoring_elements":"0.93918","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12046","scoring_system":"epss","scoring_elements":"0.93927","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12046","scoring_system":"epss","scoring_elements":"0.93926","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12046","scoring_system":"epss","scoring_elements":"0.93925","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12046","scoring_system":"epss","scoring_elements":"0.9393","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1405"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24994.txt","reference_id":"CVE-2004-1405;OSVDB-59519","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24994.txt"},{"reference_url":"https://www.securityfocus.com/bid/11985/info","reference_id":"CVE-2004-1405;OSVDB-59519","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/11985/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-1405"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9sx-qc9r-9yan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92931?format=json","vulnerability_id":"VCID-t9zr-7pte-d7dg","summary":"Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4378","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66641","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66681","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66689","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66674","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66658","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66676","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","reference_id":"686330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116029?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4378"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9zr-7pte-d7dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92938?format=json","vulnerability_id":"VCID-ta42-b1xm-8yed","summary":"MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1816","reference_id":"","reference_type":"","scores":[{"value":"0.04103","scoring_system":"epss","scoring_elements":"0.88794","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04103","scoring_system":"epss","scoring_elements":"0.88811","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04103","scoring_system":"epss","scoring_elements":"0.88809","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04103","scoring_system":"epss","scoring_elements":"0.88826","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1816"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116032?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1816"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ta42-b1xm-8yed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93043?format=json","vulnerability_id":"VCID-tap8-kvdy-2ycx","summary":"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30158","reference_id":"","reference_type":"","scores":[{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70135","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70177","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70186","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70168","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70157","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.7018","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946698","reference_id":"1946698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946698"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30158"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tap8-kvdy-2ycx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92911?format=json","vulnerability_id":"VCID-tavd-6d8p-y7d3","summary":"PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2789","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67738","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67779","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67786","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67775","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67759","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2789"},{"reference_url":"https://security.gentoo.org/glsa/201206-09","reference_id":"GLSA-201206-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-2789"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tavd-6d8p-y7d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93003?format=json","vulnerability_id":"VCID-tuhe-1kx6-pufz","summary":"MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6332","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44734","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44804","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4481","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44789","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44758","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4477","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6332"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116051?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6332"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuhe-1kx6-pufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93058?format=json","vulnerability_id":"VCID-u4ay-q32e-jkh3","summary":"Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php.  This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11173","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0525","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05268","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05253","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05245","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05206","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173"},{"reference_url":"https://phabricator.wikimedia.org/T401862","reference_id":"T401862","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/"}],"url":"https://phabricator.wikimedia.org/T401862"},{"reference_url":"https://phabricator.wikimedia.org/T402094","reference_id":"T402094","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:07:50Z/"}],"url":"https://phabricator.wikimedia.org/T402094"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-11173"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4ay-q32e-jkh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93082?format=json","vulnerability_id":"VCID-uas8-rmsr-sycn","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php.  This issue affects MediaWiki: >= 1.42.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6589","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08556","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08589","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08608","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08604","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6589"},{"reference_url":"https://phabricator.wikimedia.org/T391343","reference_id":"T391343","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:11:14Z/"}],"url":"https://phabricator.wikimedia.org/T391343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6589"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uas8-rmsr-sycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93102?format=json","vulnerability_id":"VCID-ug4k-29je-mfan","summary":"Vulnerability in Wikimedia Foundation MediaWiki.   This vulnerability is associated with program files includes/Page/Article.Php.    This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34094","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1066","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13921","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13925","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13888","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13804","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34094"},{"reference_url":"https://phabricator.wikimedia.org/T416090","reference_id":"T416090","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:06:55Z/"}],"url":"https://phabricator.wikimedia.org/T416090"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34094"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ug4k-29je-mfan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93080?format=json","vulnerability_id":"VCID-umrd-1rjt-jyas","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js.  This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61656","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07854","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07783","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07799","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07841","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07827","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61656"},{"reference_url":"https://phabricator.wikimedia.org/T397232","reference_id":"T397232","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:00:27Z/"}],"url":"https://phabricator.wikimedia.org/T397232"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61656"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umrd-1rjt-jyas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92957?format=json","vulnerability_id":"VCID-umz5-f7z4-5kcw","summary":"MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1610","reference_id":"","reference_type":"","scores":[{"value":"0.48041","scoring_system":"epss","scoring_elements":"0.9778","published_at":"2026-06-04T12:55:00Z"},{"value":"0.48041","scoring_system":"epss","scoring_elements":"0.97784","published_at":"2026-06-05T12:55:00Z"},{"value":"0.48041","scoring_system":"epss","scoring_elements":"0.97786","published_at":"2026-06-08T12:55:00Z"},{"value":"0.48041","scoring_system":"epss","scoring_elements":"0.97787","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31767.rb","reference_id":"CVE-2014-1610;OSVDB-102630","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31767.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/31329.txt","reference_id":"CVE-2014-1610;OSVDB-102631;OSVDB-102630","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/31329.txt"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116040?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.11%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.11%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-1610"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umz5-f7z4-5kcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6403?format=json","vulnerability_id":"VCID-uvth-ajst-4udu","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8815","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60704","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60753","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60747","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60749","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60732","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116054?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-8815"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvth-ajst-4udu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92918?format=json","vulnerability_id":"VCID-uym5-qwcq-bbb7","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1587","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44996","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45064","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45069","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45049","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4502","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45032","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1587"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116024?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.5-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.5-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-1587"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uym5-qwcq-bbb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3540?format=json","vulnerability_id":"VCID-v2e4-1zyr-cudx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31091","reference_id":"","reference_type":"","scores":[{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81573","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81582","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81581","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81589","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81579","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81551","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml"},{"reference_url":"https://github.com/guzzle/guzzle","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/guzzle"},{"reference_url":"https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/"}],"url":"https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82"},{"reference_url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/"}],"url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31091","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31091"},{"reference_url":"https://security.gentoo.org/glsa/202305-24","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/"}],"url":"https://security.gentoo.org/glsa/202305-24"},{"reference_url":"https://www.debian.org/security/2022/dsa-5246","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/"}],"url":"https://www.debian.org/security/2022/dsa-5246"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492","reference_id":"1014492","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://github.com/advisories/GHSA-q559-8m2m-g699","reference_id":"GHSA-q559-8m2m-g699","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q559-8m2m-g699"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116077?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-31091","GHSA-q559-8m2m-g699","GMS-2022-2529"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2e4-1zyr-cudx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93086?format=json","vulnerability_id":"VCID-v6sy-pg6x-37hf","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php.  This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6593","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05253","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05206","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0525","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05268","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05245","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6593"},{"reference_url":"https://phabricator.wikimedia.org/T396230","reference_id":"T396230","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T14:42:43Z/"}],"url":"https://phabricator.wikimedia.org/T396230"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6593"],"risk_score":0.7,"exploitability":"0.5","weighted_severity":"1.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6sy-pg6x-37hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93069?format=json","vulnerability_id":"VCID-vavn-d5gk-muh6","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php.  This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61636","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00515","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00508","published_at":"2026-06-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00512","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00516","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00513","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61636"},{"reference_url":"https://phabricator.wikimedia.org/T394396","reference_id":"T394396","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/U:Clear"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:13:06Z/"}],"url":"https://phabricator.wikimedia.org/T394396"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61636"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vavn-d5gk-muh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67915?format=json","vulnerability_id":"VCID-vgah-ad9q-tugu","summary":"MediaWiki: MediaWiki: Information disclosure vulnerability in ImportableOldRevisionImporter.Php","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67476.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67476","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05418","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05378","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05417","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67476"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436186","reference_id":"2436186","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436186"},{"reference_url":"https://phabricator.wikimedia.org/T405859","reference_id":"T405859","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:17Z/"}],"url":"https://phabricator.wikimedia.org/T405859"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67476"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgah-ad9q-tugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93039?format=json","vulnerability_id":"VCID-vjgy-npj2-p7et","summary":"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30154.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30154","reference_id":"","reference_type":"","scores":[{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74631","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74662","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74668","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74655","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74638","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74664","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946690","reference_id":"1946690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946690"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30154"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjgy-npj2-p7et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67912?format=json","vulnerability_id":"VCID-vkb5-fkyt-n7b5","summary":"MediaWiki: MediaWiki: Cross-site scripting vulnerability in page preview functionality","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67483.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67483","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00847","published_at":"2026-06-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00845","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00844","published_at":"2026-06-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00848","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67483"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436188","reference_id":"2436188","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436188"},{"reference_url":"https://phabricator.wikimedia.org/T409226","reference_id":"T409226","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:02:18Z/"}],"url":"https://phabricator.wikimedia.org/T409226"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67483"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkb5-fkyt-n7b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3539?format=json","vulnerability_id":"VCID-vvbr-921f-gbe1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34911","reference_id":"","reference_type":"","scores":[{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.7882","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78827","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78818","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78807","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78825","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112770","reference_id":"2112770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112770"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116077?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-34911"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvbr-921f-gbe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92972?format=json","vulnerability_id":"VCID-vy8z-k1u8-qfg4","summary":"MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by \"http://en.wikipedia.org.evilsite.example/.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9476","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72884","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72921","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72928","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72911","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72898","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72923","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9476"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9476"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vy8z-k1u8-qfg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92863?format=json","vulnerability_id":"VCID-vzfm-psg9-xbaz","summary":"Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to \"filename validation,\" has unknown impact and attack vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2187","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61855","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61904","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61912","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.619","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61885","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61901","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-2187"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzfm-psg9-xbaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93072?format=json","vulnerability_id":"VCID-w48g-6qxr-sygt","summary":"Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.  This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61641","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00724","published_at":"2026-06-06T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00721","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00718","published_at":"2026-06-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00719","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641"},{"reference_url":"https://phabricator.wikimedia.org/T298690","reference_id":"T298690","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:09:22Z/"}],"url":"https://phabricator.wikimedia.org/T298690"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116090?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116091?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61641"],"risk_score":0.5,"exploitability":"0.5","weighted_severity":"1.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w48g-6qxr-sygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93033?format=json","vulnerability_id":"VCID-w4rg-z2zz-xygu","summary":"MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the \"Change visibility of selected log entries\" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35477","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65108","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65151","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65161","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65149","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65155","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909231","reference_id":"1909231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909231"},{"reference_url":"https://security.archlinux.org/ASA-202101-22","reference_id":"ASA-202101-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-22"},{"reference_url":"https://security.archlinux.org/AVG-1371","reference_id":"AVG-1371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116063?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35477"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4rg-z2zz-xygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93038?format=json","vulnerability_id":"VCID-wdja-hkyz-x7cd","summary":"An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30153","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45146","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45078","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45115","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45103","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45132","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4515","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30153"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html","reference_id":"094418.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/"}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"},{"reference_url":"https://phabricator.wikimedia.org/T270453","reference_id":"T270453","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/"}],"url":"https://phabricator.wikimedia.org/T270453"},{"reference_url":"https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/","reference_id":"XYBF5RSTJRMVCP7QBYK7643W75A3KCIY","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T16:14:31Z/"}],"url":"https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116067?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-30153"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdja-hkyz-x7cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93010?format=json","vulnerability_id":"VCID-wdva-tt5d-fkfp","summary":"Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0372","reference_id":"","reference_type":"","scores":[{"value":"0.58351","scoring_system":"epss","scoring_elements":"0.9823","published_at":"2026-06-04T12:55:00Z"},{"value":"0.58351","scoring_system":"epss","scoring_elements":"0.98233","published_at":"2026-06-07T12:55:00Z"},{"value":"0.58351","scoring_system":"epss","scoring_elements":"0.98234","published_at":"2026-06-08T12:55:00Z"},{"value":"0.58351","scoring_system":"epss","scoring_elements":"0.98232","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861585","reference_id":"861585","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861585"},{"reference_url":"https://security.archlinux.org/AVG-259","reference_id":"AVG-259","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-259"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116053?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0372"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdva-tt5d-fkfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93065?format=json","vulnerability_id":"VCID-wg32-kgw1-zyh4","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php.  This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32700","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62228","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62202","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62218","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.6222","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62217","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32700"},{"reference_url":"https://phabricator.wikimedia.org/T389235","reference_id":"T389235","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:49:42Z/"}],"url":"https://phabricator.wikimedia.org/T389235"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116097?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-32700"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg32-kgw1-zyh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93018?format=json","vulnerability_id":"VCID-wn7c-cwg4-rke1","summary":"Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12473","reference_id":"","reference_type":"","scores":[{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64507","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64512","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64494","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64504","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64516","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64463","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12473","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12473"},{"reference_url":"https://phabricator.wikimedia.org/T204729","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T204729"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jun/12"},{"reference_url":"https://www.debian.org/security/2019/dsa-4460","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4460"},{"reference_url":"https://github.com/advisories/GHSA-33xw-x3pr-rvqj","reference_id":"GHSA-33xw-x3pr-rvqj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33xw-x3pr-rvqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116056?format=json","purl":"pkg:deb/debian/mediawiki@1:1.31.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.31.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12473","GHSA-33xw-x3pr-rvqj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wn7c-cwg4-rke1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93036?format=json","vulnerability_id":"VCID-wp72-8cwv-mkem","summary":"An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35480.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35480","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.5727","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57323","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57306","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57331","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57319","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909240","reference_id":"1909240","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909240"},{"reference_url":"https://security.archlinux.org/ASA-202101-22","reference_id":"ASA-202101-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-22"},{"reference_url":"https://security.archlinux.org/AVG-1371","reference_id":"AVG-1371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116063?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-35480"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wp72-8cwv-mkem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92956?format=json","vulnerability_id":"VCID-wquq-3vzt-j3ga","summary":"The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7444","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64014","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64056","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64064","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64054","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64041","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64061","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-7444"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wquq-3vzt-j3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44814?format=json","vulnerability_id":"VCID-wte4-8b73-p3hw","summary":"X-Forwarded-For header allows brute-forcing autoblocked IP addresses\nAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29141","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52867","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52881","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52887","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52868","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52843","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675"},{"reference_url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7"},{"reference_url":"https://phabricator.wikimedia.org/T285159","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://phabricator.wikimedia.org/T285159"},{"reference_url":"https://www.debian.org/security/2023/dsa-5447","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://www.debian.org/security/2023/dsa-5447"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183627","reference_id":"2183627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29141","reference_id":"CVE-2023-29141","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29141"},{"reference_url":"https://github.com/advisories/GHSA-5vj8-g3qg-4qh6","reference_id":"GHSA-5vj8-g3qg-4qh6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5vj8-g3qg-4qh6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/","reference_id":"ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/","reference_id":"ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116065?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116064?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116066?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-29141","GHSA-5vj8-g3qg-4qh6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wte4-8b73-p3hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6585?format=json","vulnerability_id":"VCID-wucn-bbxt-27gk","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0369.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0369.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0369","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33891","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33993","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34008","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33975","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33941","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33964","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0369","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0369"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569800","reference_id":"1569800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569800"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0369"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wucn-bbxt-27gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3548?format=json","vulnerability_id":"VCID-wvfs-nc5r-g7ht","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44855.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44855","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.6694","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66972","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.6698","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66989","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66974","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66956","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156318","reference_id":"2156318","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2156318"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://phabricator.wikimedia.org/T293589","reference_id":"T293589","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:51:07Z/"}],"url":"https://phabricator.wikimedia.org/T293589"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116073?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-44855"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvfs-nc5r-g7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92946?format=json","vulnerability_id":"VCID-ww7q-3qdb-eya5","summary":"(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4302","reference_id":"","reference_type":"","scores":[{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72325","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72367","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72373","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72353","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72338","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72363","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4302"},{"reference_url":"https://security.gentoo.org/glsa/201310-21","reference_id":"GLSA-201310-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116036?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4302"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww7q-3qdb-eya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93087?format=json","vulnerability_id":"VCID-x15v-c3t4-fkcj","summary":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6595","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00532","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00531","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00526","published_at":"2026-06-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0053","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6595"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6595"},{"reference_url":"https://phabricator.wikimedia.org/T394863","reference_id":"T394863","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T19:53:03Z/"}],"url":"https://phabricator.wikimedia.org/T394863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6595"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x15v-c3t4-fkcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6410?format=json","vulnerability_id":"VCID-x2f1-6t18-xqgm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0361.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0361.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0361","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2336","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23408","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23355","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23386","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23469","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23456","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0361"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569705","reference_id":"1569705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1569705"},{"reference_url":"https://security.archlinux.org/ASA-201704-3","reference_id":"ASA-201704-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-3"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-236","reference_id":"AVG-236","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-236"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116052?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-0361"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2f1-6t18-xqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53493?format=json","vulnerability_id":"VCID-x41v-jdkw-f7dx","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36649","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62791","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62747","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62792","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62802","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62777","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36649"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649"},{"reference_url":"https://github.com/mholt/PapaParse","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse"},{"reference_url":"https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621"},{"reference_url":"https://github.com/mholt/PapaParse/issues/777","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/issues/777"},{"reference_url":"https://github.com/mholt/PapaParse/pull/779","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/pull/779"},{"reference_url":"https://github.com/mholt/PapaParse/releases/tag/5.2.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/releases/tag/5.2.0"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258"},{"reference_url":"https://vuldb.com/?ctiid.218004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?ctiid.218004"},{"reference_url":"https://vuldb.com/?id.218004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?id.218004"},{"reference_url":"https://www.npmjs.com/advisories/1515","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/1515"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160359","reference_id":"2160359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160359"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36649","reference_id":"CVE-2020-36649","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36649"},{"reference_url":"https://github.com/advisories/GHSA-qvjc-g5vr-mfgr","reference_id":"GHSA-qvjc-g5vr-mfgr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvjc-g5vr-mfgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116065?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116064?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116066?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36649","GHSA-qvjc-g5vr-mfgr","GMS-2020-421"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x41v-jdkw-f7dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93030?format=json","vulnerability_id":"VCID-x8p9-z9ze-n7ac","summary":"An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25828","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60167","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60149","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60166","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60179","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60176","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60129","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-announce","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25828","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25828"},{"reference_url":"https://phabricator.wikimedia.org/T115888","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T115888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903776","reference_id":"1903776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903776"},{"reference_url":"https://github.com/advisories/GHSA-h8qx-mj6v-2934","reference_id":"GHSA-h8qx-mj6v-2934","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8qx-mj6v-2934"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116062?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25828","GHSA-h8qx-mj6v-2934"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8p9-z9ze-n7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67929?format=json","vulnerability_id":"VCID-xg93-1t9p-ufdd","summary":"MediaWiki: MediaWiki: Vulnerability in authentication management","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6597.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6597","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07342","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07277","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07289","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07335","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07321","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6597"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436116","reference_id":"2436116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436116"},{"reference_url":"https://phabricator.wikimedia.org/T389009","reference_id":"T389009","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T21:12:25Z/"}],"url":"https://phabricator.wikimedia.org/T389009"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116094?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116093?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.13-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116098?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6597"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg93-1t9p-ufdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6404?format=json","vulnerability_id":"VCID-xwsj-82z3-3kfk","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8814","reference_id":"","reference_type":"","scores":[{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71324","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71273","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71317","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71313","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71303","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71288","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116054?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-8814"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwsj-82z3-3kfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7082?format=json","vulnerability_id":"VCID-xxzh-tyxs-6ugj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41800","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.722","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72187","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.7216","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72201","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72208","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72174","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801"},{"reference_url":"https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"},{"reference_url":"https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5"},{"reference_url":"https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41800","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41800"},{"reference_url":"https://phabricator.wikimedia.org/T284419","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T284419"},{"reference_url":"https://security.gentoo.org/glsa/202305-24","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202305-24"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2009517","reference_id":"2009517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2009517"},{"reference_url":"https://security.archlinux.org/AVG-2434","reference_id":"AVG-2434","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2434"},{"reference_url":"https://github.com/advisories/GHSA-c8wv-qwwc-6j73","reference_id":"GHSA-c8wv-qwwc-6j73","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c8wv-qwwc-6j73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116071?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116072?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-41800","GHSA-c8wv-qwwc-6j73"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxzh-tyxs-6ugj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92895?format=json","vulnerability_id":"VCID-xzrv-72df-k3dg","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4408.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4408","reference_id":"","reference_type":"","scores":[{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.72198","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.7224","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.72246","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.72225","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.72211","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00691","scoring_system":"epss","scoring_elements":"0.72237","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4408"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=465734","reference_id":"465734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=465734"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501115","reference_id":"501115","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501115"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116012?format=json","purl":"pkg:deb/debian/mediawiki@1:1.13.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.13.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-4408"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xzrv-72df-k3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92879?format=json","vulnerability_id":"VCID-yj5h-cj7r-kfcy","summary":"Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via \"certain malformed links.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0322","reference_id":"","reference_type":"","scores":[{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73287","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73323","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73329","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73315","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73302","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73326","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0322"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116003?format=json","purl":"pkg:deb/debian/mediawiki@1.4.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2006-0322"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yj5h-cj7r-kfcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92969?format=json","vulnerability_id":"VCID-yjuv-8c4t-p7em","summary":"Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9276","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29665","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29627","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29595","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29562","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29575","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9276"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9276"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjuv-8c4t-p7em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92880?format=json","vulnerability_id":"VCID-yn5s-nccj-hbad","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1498","reference_id":"","reference_type":"","scores":[{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77663","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.7769","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77698","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77687","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77677","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77695","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1498"},{"reference_url":"https://security.gentoo.org/glsa/200604-01","reference_id":"GLSA-200604-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200604-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116003?format=json","purl":"pkg:deb/debian/mediawiki@1.4.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2006-1498"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5s-nccj-hbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6409?format=json","vulnerability_id":"VCID-ypnm-uud2-wyey","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8808","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6128","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61224","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61272","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61269","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61266","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61249","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8815"},{"reference_url":"https://security.archlinux.org/ASA-201711-20","reference_id":"ASA-201711-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-20"},{"reference_url":"https://security.archlinux.org/AVG-490","reference_id":"AVG-490","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116054?format=json","purl":"pkg:deb/debian/mediawiki@1:1.27.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.27.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-8808"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypnm-uud2-wyey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93100?format=json","vulnerability_id":"VCID-yq2s-sqnf-gqap","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.   This vulnerability is associated with program files includes/Skin/Skin.Php.    This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34092","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11033","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14474","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14477","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14439","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14358","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34092"},{"reference_url":"https://phabricator.wikimedia.org/T384147","reference_id":"T384147","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:50:50Z/"}],"url":"https://phabricator.wikimedia.org/T384147"},{"reference_url":"https://usn.ubuntu.com/8315-1/","reference_id":"USN-8315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8315-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34092"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yq2s-sqnf-gqap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92882?format=json","vulnerability_id":"VCID-yszs-s9yz-cuc2","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2895","reference_id":"","reference_type":"","scores":[{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71239","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71246","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71226","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.7121","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71236","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2895"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116000?format=json","purl":"pkg:deb/debian/mediawiki@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2006-2895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yszs-s9yz-cuc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92864?format=json","vulnerability_id":"VCID-yv5k-cg9x-3bgg","summary":"Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0534","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63691","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63733","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6374","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63732","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6372","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63739","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0534"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057","reference_id":"276057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115991?format=json","purl":"pkg:deb/debian/mediawiki@1.4.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.4.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-0534"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv5k-cg9x-3bgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3543?format=json","vulnerability_id":"VCID-z2ex-7mvc-5ud7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31042","reference_id":"","reference_type":"","scores":[{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81151","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81194","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81176","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.8118","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81183","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81178","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml"},{"reference_url":"https://github.com/guzzle/guzzle","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/guzzle"},{"reference_url":"https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/"}],"url":"https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8"},{"reference_url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/"}],"url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31042","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31042"},{"reference_url":"https://www.debian.org/security/2022/dsa-5246","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/"}],"url":"https://www.debian.org/security/2022/dsa-5246"},{"reference_url":"https://www.drupal.org/sa-core-2022-011","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/"}],"url":"https://www.drupal.org/sa-core-2022-011"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821","reference_id":"1012821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821"},{"reference_url":"https://security.archlinux.org/AVG-2823","reference_id":"AVG-2823","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2823"},{"reference_url":"https://github.com/advisories/GHSA-f2wf-25xc-69c9","reference_id":"GHSA-f2wf-25xc-69c9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f2wf-25xc-69c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116077?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116074?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.8-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-31042","GHSA-f2wf-25xc-69c9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2ex-7mvc-5ud7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92961?format=json","vulnerability_id":"VCID-z4xm-28fh-afdz","summary":"includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a \"login CSRF\" issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2665","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41794","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4187","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4188","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41851","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41816","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41825","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857","reference_id":"742857","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857"},{"reference_url":"https://security.gentoo.org/glsa/201502-04","reference_id":"GLSA-201502-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116043?format=json","purl":"pkg:deb/debian/mediawiki@1:1.19.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-2665"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4xm-28fh-afdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92993?format=json","vulnerability_id":"VCID-z63z-16wj-3ff6","summary":"MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8004","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36547","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.3664","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36648","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36612","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36575","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36585","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116039?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8004"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z63z-16wj-3ff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92905?format=json","vulnerability_id":"VCID-z66p-np39-wkem","summary":"MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka \"CSS validation issue.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1189.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1189","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59843","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59893","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59896","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59887","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59867","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59886","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1189"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=571926","reference_id":"571926","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=571926"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116019?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-1189"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z66p-np39-wkem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92907?format=json","vulnerability_id":"VCID-zhp5-aw8g-8udz","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1647","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48337","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48399","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48402","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48384","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48355","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48367","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585918","reference_id":"585918","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585918"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116020?format=json","purl":"pkg:deb/debian/mediawiki@1:1.15.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.15.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2010-1647"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhp5-aw8g-8udz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93094?format=json","vulnerability_id":"VCID-zv3h-mucp-bkhr","summary":"Vulnerability in Wikimedia Foundation AbuseFilter.  This issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34086","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26304","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26204","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2621","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26312","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2626","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34086"},{"reference_url":"https://phabricator.wikimedia.org/T415584","reference_id":"T415584","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:33:23Z/"}],"url":"https://phabricator.wikimedia.org/T415584"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116101?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34086"],"risk_score":0.7,"exploitability":"0.5","weighted_severity":"1.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv3h-mucp-bkhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93092?format=json","vulnerability_id":"VCID-zztt-dzzg-8qg3","summary":"Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C.  This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67482","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02539","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02466","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02426","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02538","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02482","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67482"},{"reference_url":"https://phabricator.wikimedia.org/T408135","reference_id":"T408135","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:26:14Z/"}],"url":"https://phabricator.wikimedia.org/T408135"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115992?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6abq-6jq6-cfhg"},{"vulnerability":"VCID-7btv-s4q8-muds"},{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-dnka-4jmd-uudb"},{"vulnerability":"VCID-qpyg-4cts-z3gz"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116099?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116089?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115990?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cx2g-7k39-9kc6"},{"vulnerability":"VCID-zv3h-mucp-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116092?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/116100?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115994?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115993?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-67482"],"risk_score":0.5,"exploitability":"0.5","weighted_severity":"1.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zztt-dzzg-8qg3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"}