Search for packages
Package details: pkg:composer/mediawiki/core@1.32.0-rc.0
purl pkg:composer/mediawiki/core@1.32.0-rc.0
Next non-vulnerable version 1.35.12
Latest non-vulnerable version 1.40.1
Risk 4.5
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-3yrw-9sdc-aaac
Aliases:
CVE-2020-10959
GHSA-mqhw-wq8p-vf5r
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
1.34.0-rc.0
Affected by 10 other vulnerabilities.
VCID-59gg-vg2h-aaae
Aliases:
CVE-2023-29141
GHSA-5vj8-g3qg-4qh6
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
1.35.10
Affected by 2 other vulnerabilities.
1.38.6
Affected by 2 other vulnerabilities.
1.39.3
Affected by 2 other vulnerabilities.
VCID-ah5y-k5sb-aaap
Aliases:
CVE-2021-41800
GHSA-c8wv-qwwc-6j73
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
1.36.2
Affected by 2 other vulnerabilities.
VCID-aus1-t1px-aaar
Aliases:
CVE-2023-45363
GHSA-w5fx-cx7f-6vr9
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
1.35.12
Affected by 0 other vulnerabilities.
1.39.5
Affected by 0 other vulnerabilities.
1.40.1
Affected by 0 other vulnerabilities.
VCID-vvnj-ee7s-aaaq
Aliases:
CVE-2023-37302
GHSA-fmrf-p77g-vv5c
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
1.39.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:44:57.917773+00:00 GitLab Importer Affected by VCID-aus1-t1px-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 36.1.3
2025-06-20T16:27:31.522734+00:00 GitLab Importer Affected by VCID-59gg-vg2h-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 36.1.3
2025-06-20T15:52:57.036621+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 36.1.3
2025-06-20T15:47:31.653170+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.1.3
2025-06-03T23:23:06.664540+00:00 GitLab Importer Affected by VCID-aus1-t1px-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 36.1.0
2025-06-03T23:06:48.715760+00:00 GitLab Importer Affected by VCID-59gg-vg2h-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 36.1.0
2025-06-03T22:33:48.641341+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 36.1.0
2025-06-03T22:27:49.309769+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.1.0
2025-06-02T23:20:30.503572+00:00 GitLab Importer Affected by VCID-aus1-t1px-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 36.1.2
2025-06-02T23:03:30.304704+00:00 GitLab Importer Affected by VCID-59gg-vg2h-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 36.1.2
2025-06-02T22:22:28.904438+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 36.1.2
2025-06-02T22:16:56.854870+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.1.2
2025-04-03T21:39:00.102159+00:00 GitLab Importer Affected by VCID-aus1-t1px-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 36.0.0
2025-04-03T21:04:04.997779+00:00 GitLab Importer Affected by VCID-59gg-vg2h-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 36.0.0
2025-04-03T19:58:01.685534+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 36.0.0
2025-04-03T19:50:34.953102+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.0.0
2025-02-18T05:57:34.382549+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 35.1.0
2025-02-18T03:38:46.981124+00:00 GitLab Importer Affected by VCID-aus1-t1px-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 35.1.0
2025-02-18T03:16:18.961825+00:00 GitLab Importer Affected by VCID-59gg-vg2h-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 35.1.0
2025-02-18T01:41:30.830624+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 35.1.0
2024-11-21T02:15:00.675267+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 35.0.0
2024-11-21T00:58:28.473378+00:00 GitLab Importer Affected by VCID-aus1-t1px-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 35.0.0
2024-11-21T00:44:56.369265+00:00 GitLab Importer Affected by VCID-59gg-vg2h-aaae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml 35.0.0
2024-11-20T23:56:33.394418+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 35.0.0
2024-11-19T02:05:08.963418+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.3.2
2024-11-19T00:40:02.395494+00:00 GitLab Importer Affected by VCID-aus1-t1px-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml 34.3.2
2024-11-18T23:45:05.415036+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 34.3.2
2024-11-02T00:20:48.930158+00:00 GHSA Importer Affected by VCID-aus1-t1px-aaar https://github.com/advisories/GHSA-w5fx-cx7f-6vr9 34.0.2
2024-10-17T04:17:30.449463+00:00 GitLab Importer Affected by VCID-3yrw-9sdc-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2020-10959.yml 34.0.2
2024-10-08T02:32:40.399222+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.0.2
2024-10-07T19:51:26.289459+00:00 GHSA Importer Affected by VCID-ah5y-k5sb-aaap https://github.com/advisories/GHSA-c8wv-qwwc-6j73 34.0.2
2024-10-07T18:15:53.691929+00:00 GHSA Importer Affected by VCID-3yrw-9sdc-aaac https://github.com/advisories/GHSA-mqhw-wq8p-vf5r 34.0.2
2024-09-23T02:30:48.458245+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.0.1
2024-09-22T20:37:19.912514+00:00 GHSA Importer Affected by VCID-ah5y-k5sb-aaap https://github.com/advisories/GHSA-c8wv-qwwc-6j73 34.0.1
2024-09-22T18:58:33.608970+00:00 GHSA Importer Affected by VCID-3yrw-9sdc-aaac https://github.com/advisories/GHSA-mqhw-wq8p-vf5r 34.0.1
2024-05-17T15:30:39.621634+00:00 GHSA Importer Affected by VCID-3yrw-9sdc-aaac https://github.com/advisories/GHSA-mqhw-wq8p-vf5r 34.0.0rc4
2024-04-24T05:03:06.824639+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.0.0rc4
2024-04-24T00:40:06.710348+00:00 GHSA Importer Affected by VCID-vvnj-ee7s-aaaq None 34.0.0rc4
2024-04-23T22:00:57.958675+00:00 GHSA Importer Affected by VCID-ah5y-k5sb-aaap https://github.com/advisories/GHSA-c8wv-qwwc-6j73 34.0.0rc4
2024-01-10T02:43:44.840276+00:00 GHSA Importer Affected by VCID-vvnj-ee7s-aaaq None 34.0.0rc2