Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/143631?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/143631?format=api", "purl": "pkg:composer/mediawiki/core@1.32.0", "type": "composer", "namespace": "mediawiki", "name": "core", "version": "1.32.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.35.12", "latest_non_vulnerable_version": "1.40.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54312?format=api", "vulnerability_id": "VCID-1697-p35n-fber", "summary": "Wikimedia MediaWiki allows CSRF\nWikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38863", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38781", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39472", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39639", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39637", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39608", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39524", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39344", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466" }, { "reference_url": "https://phabricator.wikimedia.org/T25227", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T25227" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-27fw-r78j-h898", "reference_id": "GHSA-27fw-r78j-h898", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27fw-r78j-h898" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12466", "GHSA-27fw-r78j-h898" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1697-p35n-fber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57664?format=api", "vulnerability_id": "VCID-1866-gt2g-1qfv", "summary": "MediaWiki Incorrect Access Control vulnerability\nMediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35336", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35255", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35983", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36207", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36042", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36092", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3611", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36052", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36093", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36026", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35794", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469" }, { "reference_url": "https://phabricator.wikimedia.org/T222036", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T222036" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-x3fr-w7r5-x7rg", "reference_id": "GHSA-x3fr-w7r5-x7rg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x3fr-w7r5-x7rg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12469", "GHSA-x3fr-w7r5-x7rg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1866-gt2g-1qfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58484?format=api", "vulnerability_id": "VCID-424y-cjxg-c7az", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59823", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59703", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5982", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59838", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25815" }, { "reference_url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25815.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25815", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25815" }, { "reference_url": "https://phabricator.wikimedia.org/T256171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T256171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903759", "reference_id": "1903759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903759" }, { "reference_url": "https://github.com/advisories/GHSA-2f58-vf6g-6p8x", "reference_id": "GHSA-2f58-vf6g-6p8x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2f58-vf6g-6p8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82478?format=api", "purl": "pkg:composer/mediawiki/core@1.34.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/83405?format=api", "purl": "pkg:composer/mediawiki/core@1.35.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0" } ], "aliases": [ "CVE-2020-25815", "GHSA-2f58-vf6g-6p8x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-424y-cjxg-c7az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55617?format=api", "vulnerability_id": "VCID-4keq-jcfa-13hc", "summary": "Possible to circumvent title-blacklist\nMediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54569", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54502", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54574", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54626", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54608", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54625", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54605", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54592", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709" }, { "reference_url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19709", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19709" }, { "reference_url": "https://phabricator.wikimedia.org/T239466", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T239466" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/48", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Dec/48" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4592", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4592" }, { "reference_url": "https://github.com/advisories/GHSA-pjv5-vv93-p648", "reference_id": "GHSA-pjv5-vv93-p648", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pjv5-vv93-p648" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82667?format=api", "purl": "pkg:composer/mediawiki/core@1.32.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/82668?format=api", "purl": "pkg:composer/mediawiki/core@1.33.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/82669?format=api", "purl": "pkg:composer/mediawiki/core@1.34.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-at9r-vw7p-6bfv" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0" } ], "aliases": [ "CVE-2019-19709", "GHSA-pjv5-vv93-p648" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4keq-jcfa-13hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17014?format=api", "vulnerability_id": "VCID-7eba-7gsc-hbfg", "summary": "X-Forwarded-For header allows brute-forcing autoblocked IP addresses\nAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48401", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48509", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52518", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52555", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52545", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52594", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7" }, { "reference_url": "https://phabricator.wikimedia.org/T285159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://phabricator.wikimedia.org/T285159" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5447", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5447" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627", "reference_id": "2183627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141", "reference_id": "CVE-2023-29141", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141" }, { "reference_url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6", "reference_id": "GHSA-5vj8-g3qg-4qh6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/", "reference_id": "ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/", "reference_id": "ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56710?format=api", "purl": "pkg:composer/mediawiki/core@1.35.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/56709?format=api", "purl": "pkg:composer/mediawiki/core@1.38.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/56708?format=api", "purl": "pkg:composer/mediawiki/core@1.39.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3" } ], "aliases": [ "CVE-2023-29141", "GHSA-5vj8-g3qg-4qh6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55279?format=api", "vulnerability_id": "VCID-9qyu-z71g-1qbq", "summary": "MediaWiki Open Redirect vulnerability\nresources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5065", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50622", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50701", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50657", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5075", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50752", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50738", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50687", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50695", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10959" }, { "reference_url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10959", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10959" }, { "reference_url": "https://phabricator.wikimedia.org/T232932", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T232932" }, { "reference_url": "https://phabricator.wikimedia.org/T240393", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T240393" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826079", "reference_id": "1826079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826079" }, { "reference_url": "https://github.com/advisories/GHSA-mqhw-wq8p-vf5r", "reference_id": "GHSA-mqhw-wq8p-vf5r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqhw-wq8p-vf5r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82439?format=api", "purl": "pkg:composer/mediawiki/core@1.34.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0-rc.0" } ], "aliases": [ "CVE-2020-10959", "GHSA-mqhw-wq8p-vf5r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyu-z71g-1qbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59672?format=api", "vulnerability_id": "VCID-arzd-7xhw-qqb4", "summary": "OATHAuth extension in MediaWiki is not implementing rate limit\nAn issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46939", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46977", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46985", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46988", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46991", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47042", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47046", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46983", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4701", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25827.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25827" }, { "reference_url": "https://phabricator.wikimedia.org/T251661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T251661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761", "reference_id": "1903761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903761" }, { "reference_url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6", "reference_id": "GHSA-rqvj-fc2x-99q6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqvj-fc2x-99q6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82478?format=api", "purl": "pkg:composer/mediawiki/core@1.34.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3" } ], "aliases": [ "CVE-2020-25827", "GHSA-rqvj-fc2x-99q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57632?format=api", "vulnerability_id": "VCID-azup-qzq7-sbh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href =\"javascript... that executes when clicked.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25814.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56399", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56339", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56437", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56507", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56464", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56468", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56401", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5642", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25814.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25814" }, { "reference_url": "https://phabricator.wikimedia.org/T86738", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T86738" }, { "reference_url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774", "reference_id": "1903774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903774" }, { "reference_url": "https://github.com/advisories/GHSA-4vr7-m8p8-434h", "reference_id": "GHSA-4vr7-m8p8-434h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vr7-m8p8-434h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82478?format=api", "purl": "pkg:composer/mediawiki/core@1.34.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/83405?format=api", "purl": "pkg:composer/mediawiki/core@1.35.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0" } ], "aliases": [ "CVE-2020-25814", "GHSA-4vr7-m8p8-434h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55161?format=api", "vulnerability_id": "VCID-bbef-akjp-a3gp", "summary": "Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple\nWikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64193", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64192", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64464", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64548", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64506", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64554", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.6457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64586", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64573", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64579", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.6459", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64596", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473" }, { "reference_url": "https://phabricator.wikimedia.org/T204729", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T204729" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-33xw-x3pr-rvqj", "reference_id": "GHSA-33xw-x3pr-rvqj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33xw-x3pr-rvqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12473", "GHSA-33xw-x3pr-rvqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbef-akjp-a3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55940?format=api", "vulnerability_id": "VCID-gma6-b9cy-kqee", "summary": "MediaWiki Incorrect Access Control vulnerability\nMediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52598", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52561", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53118", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53139", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53163", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53178", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53214", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53198", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53235", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53224", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467" }, { "reference_url": "https://phabricator.wikimedia.org/T209794", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T209794" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-6vfg-8ppv-h5hg", "reference_id": "GHSA-6vfg-8ppv-h5hg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vfg-8ppv-h5hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12467", "GHSA-6vfg-8ppv-h5hg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gma6-b9cy-kqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19329?format=api", "vulnerability_id": "VCID-jm7q-2w3j-buhh", "summary": "MediaWiki Denial of Service vulnerability\nAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93463", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93467", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93464", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93458", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93427", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93407", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html" }, { "reference_url": "https://phabricator.wikimedia.org/T333050", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://phabricator.wikimedia.org/T333050" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363", "reference_id": "CVE-2023-45363", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363" }, { "reference_url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9", "reference_id": "GHSA-w5fx-cx7f-6vr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60391?format=api", "purl": "pkg:composer/mediawiki/core@1.35.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60392?format=api", "purl": "pkg:composer/mediawiki/core@1.39.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60393?format=api", "purl": "pkg:composer/mediawiki/core@1.40.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1" } ], "aliases": [ "CVE-2023-45363", "GHSA-w5fx-cx7f-6vr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57414?format=api", "vulnerability_id": "VCID-pm5t-23j4-6yh6", "summary": "MediaWiki Cross-site Scripting (XSS) vulnerability\nAn issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59823", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59703", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59839", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5982", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59838", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25828.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25828" }, { "reference_url": "https://phabricator.wikimedia.org/T115888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T115888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776", "reference_id": "1903776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903776" }, { "reference_url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934", "reference_id": "GHSA-h8qx-mj6v-2934", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8qx-mj6v-2934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82478?format=api", "purl": "pkg:composer/mediawiki/core@1.34.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/83405?format=api", "purl": "pkg:composer/mediawiki/core@1.35.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.0" } ], "aliases": [ "CVE-2020-25828", "GHSA-h8qx-mj6v-2934" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57500?format=api", "vulnerability_id": "VCID-qmx3-kcnd-zuhe", "summary": "Wikimedia MediaWiki Incorrect Access Control vulnerability\nAn Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66392", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66393", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66688", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66753", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66774", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66789", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.6681", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66796", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.668", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66814", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66797", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66822", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468" }, { "reference_url": "https://phabricator.wikimedia.org/T197279", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T197279" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-wrhx-3pxr-6vgg", "reference_id": "GHSA-wrhx-3pxr-6vgg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrhx-3pxr-6vgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12468", "GHSA-wrhx-3pxr-6vgg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmx3-kcnd-zuhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54640?format=api", "vulnerability_id": "VCID-t6w8-cgct-gbgz", "summary": "MediaWiki information disclosure\nIn MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61699", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61704", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61536", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61659", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.6164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.6161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61687", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61711", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61705", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61664", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61684", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61695", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61674", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-16738.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16738", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16738" }, { "reference_url": "https://phabricator.wikimedia.org/T230402", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T230402" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Oct/32" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4545", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4545" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755762", "reference_id": "1755762", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755762" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-7hwr-f745-5rwq", "reference_id": "GHSA-7hwr-f745-5rwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7hwr-f745-5rwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81914?format=api", "purl": "pkg:composer/mediawiki/core@1.32.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81915?format=api", "purl": "pkg:composer/mediawiki/core@1.33.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.1" } ], "aliases": [ "CVE-2019-16738", "GHSA-7hwr-f745-5rwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6w8-cgct-gbgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55130?format=api", "vulnerability_id": "VCID-tq2e-c9ym-a3hj", "summary": "Wikimedia information leak vulnerability\nWikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48959", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48912", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49411", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49382", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49438", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49391", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49446", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49458", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49432", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49478", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49475", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49445", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49434", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474" }, { "reference_url": "https://phabricator.wikimedia.org/T212118", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T212118" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-2qrr-c2gh-pr35", "reference_id": "GHSA-2qrr-c2gh-pr35", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qrr-c2gh-pr35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12474", "GHSA-2qrr-c2gh-pr35" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tq2e-c9ym-a3hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55371?format=api", "vulnerability_id": "VCID-u2xc-ztge-p3bv", "summary": "MediaWiki Incorrect Access Control vulnerability\nAn Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35765", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35816", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35845", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35782", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35821", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35809", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35527", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35496", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35707", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35905", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35935", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472" }, { "reference_url": "https://phabricator.wikimedia.org/T199540", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T199540" }, { "reference_url": "https://github.com/advisories/GHSA-7mqg-5fgh-xh4r", "reference_id": "GHSA-7mqg-5fgh-xh4r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mqg-5fgh-xh4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12472", "GHSA-7mqg-5fgh-xh4r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xc-ztge-p3bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55339?format=api", "vulnerability_id": "VCID-ujdn-y48t-pbch", "summary": "MediaWiki Special:UserRights exposes the existence of hidden users\nIn MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58581", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58597", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58595", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58489", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58584", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58639", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5864", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58616", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" }, { "reference_url": "https://meta.wikimedia.org/wiki/Special:UserRights", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://meta.wikimedia.org/wiki/Special:UserRights" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25813" }, { "reference_url": "https://phabricator.wikimedia.org/T232568", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T232568" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764", "reference_id": "1903764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903764" }, { "reference_url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj", "reference_id": "GHSA-c4rj-wrmq-52rj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4rj-wrmq-52rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82478?format=api", "purl": "pkg:composer/mediawiki/core@1.34.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3" } ], "aliases": [ "CVE-2020-25813", "GHSA-c4rj-wrmq-52rj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55233?format=api", "vulnerability_id": "VCID-yr8d-347g-pugg", "summary": "Wikimedia MediaWik exposed suppressed log in RevisionDelete page\nWikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37253", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37161", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37889", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.3805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38074", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38007", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38017", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38034", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37998", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37973", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38018", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37936", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37723", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470" }, { "reference_url": "https://phabricator.wikimedia.org/T222038", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T222038" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-733q-m38x-q7cc", "reference_id": "GHSA-733q-m38x-q7cc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-733q-m38x-q7cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81686?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12470", "GHSA-733q-m38x-q7cc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yr8d-347g-pugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31063?format=api", "vulnerability_id": "VCID-z9d9-aer5-gfa9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38933", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39016", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39035", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3925", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39337", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39359", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39342", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39164", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800" }, { "reference_url": "https://phabricator.wikimedia.org/T284419", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T284419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517", "reference_id": "2009517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73", "reference_id": "GHSA-c8wv-qwwc-6j73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83531?format=api", "purl": "pkg:composer/mediawiki/core@1.36.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2" } ], "aliases": [ "CVE-2021-41800", "GHSA-c8wv-qwwc-6j73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59788?format=api", "vulnerability_id": "VCID-zgdf-mxfn-gbea", "summary": "img_auth.php may leak private extension images into the public cache\nIn MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72916", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72811", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72825", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72833", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72918", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72909", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72868", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72866", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72768", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72824", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72796", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72773", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005" }, { "reference_url": "https://phabricator.wikimedia.org/T248947", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T248947" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4767", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026", "reference_id": "1851026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026" }, { "reference_url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv", "reference_id": "GHSA-xpv7-93cm-4mxv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84693?format=api", "purl": "pkg:composer/mediawiki/core@1.33.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84694?format=api", "purl": "pkg:composer/mediawiki/core@1.34.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.2" } ], "aliases": [ "CVE-2020-15005", "GHSA-xpv7-93cm-4mxv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgdf-mxfn-gbea" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.0" }