{"url":"http://public2.vulnerablecode.io/api/packages/930677?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","type":"deb","namespace":"debian","name":"mediawiki","version":"1:1.39.4-1~deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:1.39.4-1","latest_non_vulnerable_version":"1:1.43.8+dfsg-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17014?format=json","vulnerability_id":"VCID-7eba-7gsc-hbfg","summary":"X-Forwarded-For header allows brute-forcing autoblocked IP addresses\nAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29141","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48448","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48509","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48459","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48447","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48473","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48426","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48455","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48401","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52522","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52514","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52545","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52594","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52626","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52548","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.5256","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675"},{"reference_url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7"},{"reference_url":"https://phabricator.wikimedia.org/T285159","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://phabricator.wikimedia.org/T285159"},{"reference_url":"https://www.debian.org/security/2023/dsa-5447","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://www.debian.org/security/2023/dsa-5447"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183627","reference_id":"2183627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29141","reference_id":"CVE-2023-29141","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29141"},{"reference_url":"https://github.com/advisories/GHSA-5vj8-g3qg-4qh6","reference_id":"GHSA-5vj8-g3qg-4qh6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5vj8-g3qg-4qh6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/","reference_id":"ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/","reference_id":"ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930615?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930677?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930613?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930618?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-buwp-69zb-93hs"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-q7k6-59z5-d7a7"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-xdct-ca96-3uat"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930616?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930617?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kw32-af5a-hqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059637?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-29141","GHSA-5vj8-g3qg-4qh6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32819?format=json","vulnerability_id":"VCID-9g1g-z7d8-c7ah","summary":"Regular Expression Denial of Service in papaparse\nVersions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 5.2.0 or later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36649","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62317","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62375","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62405","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.6237","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62436","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62455","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62445","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62423","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62467","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62474","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62458","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62484","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62427","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62532","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62486","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62511","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36649"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649"},{"reference_url":"https://github.com/mholt/PapaParse","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse"},{"reference_url":"https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621"},{"reference_url":"https://github.com/mholt/PapaParse/issues/777","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/issues/777"},{"reference_url":"https://github.com/mholt/PapaParse/pull/779","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/pull/779"},{"reference_url":"https://github.com/mholt/PapaParse/releases/tag/5.2.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mholt/PapaParse/releases/tag/5.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36649","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36649"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258"},{"reference_url":"https://vuldb.com/?ctiid.218004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?ctiid.218004"},{"reference_url":"https://vuldb.com/?id.218004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://vuldb.com/?id.218004"},{"reference_url":"https://www.npmjs.com/advisories/1515","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/1515"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160359","reference_id":"2160359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160359"},{"reference_url":"https://github.com/advisories/GHSA-qvjc-g5vr-mfgr","reference_id":"GHSA-qvjc-g5vr-mfgr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvjc-g5vr-mfgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930615?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930677?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930613?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930618?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-buwp-69zb-93hs"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-q7k6-59z5-d7a7"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-xdct-ca96-3uat"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930616?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930617?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kw32-af5a-hqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059637?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36649","GHSA-qvjc-g5vr-mfgr","GMS-2020-421"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9g1g-z7d8-c7ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78306?format=json","vulnerability_id":"VCID-b8r6-r39r-3ffm","summary":"MediaWiki: Manualthumb bypasses badFile lookup","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36674.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36674","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1344","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13337","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13332","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13362","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13518","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13312","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13394","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13444","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13383","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13336","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13243","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13241","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13321","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13329","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13301","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13197","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.131","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233116","reference_id":"2233116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233116"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/","reference_id":"2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/","reference_id":"6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/","reference_id":"DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"},{"reference_url":"https://phabricator.wikimedia.org/T335612","reference_id":"T335612","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:27:32Z/"}],"url":"https://phabricator.wikimedia.org/T335612"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930615?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930677?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930613?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930618?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-buwp-69zb-93hs"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-q7k6-59z5-d7a7"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-xdct-ca96-3uat"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930616?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930617?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kw32-af5a-hqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059637?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-36674"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8r6-r39r-3ffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78316?format=json","vulnerability_id":"VCID-ruur-4cvx-cqct","summary":"mediawiki: cross site scripting","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36675.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36675","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66994","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.6706","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67019","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67055","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67074","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67062","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67076","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67057","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67347","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6738","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67442","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67322","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67333","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67334","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67306","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67384","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67356","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36675"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675"},{"reference_url":"https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40","reference_id":"1.40#Other_changes_in_1.40","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217428","reference_id":"2217428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217428"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/","reference_id":"2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/","reference_id":"6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/","reference_id":"DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"},{"reference_url":"https://phabricator.wikimedia.org/T332889","reference_id":"T332889","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:24:50Z/"}],"url":"https://phabricator.wikimedia.org/T332889"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.11-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930615?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930677?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930613?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7831-8u7z-6fep"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930618?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-buwp-69zb-93hs"},{"vulnerability":"VCID-cbtm-g4t5-u3am"},{"vulnerability":"VCID-d5vz-puw9-t7er"},{"vulnerability":"VCID-kw32-af5a-hqg8"},{"vulnerability":"VCID-q7k6-59z5-d7a7"},{"vulnerability":"VCID-wktm-ya6k-v7dv"},{"vulnerability":"VCID-x8t7-agtn-zudu"},{"vulnerability":"VCID-xdct-ca96-3uat"},{"vulnerability":"VCID-zmax-894d-5kfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930616?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930617?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kw32-af5a-hqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059637?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-36675"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruur-4cvx-cqct"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1%3Fdistro=trixie"}