Search for packages
Package details: pkg:composer/mediawiki/core@1.36.0-rc.0
purl pkg:composer/mediawiki/core@1.36.0-rc.0
Next non-vulnerable version 1.39.5
Latest non-vulnerable version 1.40.1
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-ah5y-k5sb-aaap
Aliases:
CVE-2021-41800
GHSA-c8wv-qwwc-6j73
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
1.36.2
Affected by 2 other vulnerabilities.
VCID-vvnj-ee7s-aaaq
Aliases:
CVE-2023-37302
GHSA-fmrf-p77g-vv5c
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
1.39.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T15:47:31.715989+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.1.3
2025-06-03T22:27:49.370899+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.1.0
2025-06-02T22:16:56.923138+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.1.2
2025-04-03T19:50:35.102732+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 36.0.0
2025-02-18T05:57:34.551701+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 35.1.0
2024-11-21T02:15:00.845062+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 35.0.0
2024-11-19T02:05:09.129677+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.3.2
2024-10-08T02:32:40.569242+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.0.2
2024-10-07T19:51:26.452167+00:00 GHSA Importer Affected by VCID-ah5y-k5sb-aaap https://github.com/advisories/GHSA-c8wv-qwwc-6j73 34.0.2
2024-09-23T02:30:48.620070+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.0.1
2024-09-22T20:37:20.077487+00:00 GHSA Importer Affected by VCID-ah5y-k5sb-aaap https://github.com/advisories/GHSA-c8wv-qwwc-6j73 34.0.1
2024-04-24T05:03:06.982528+00:00 GitLab Importer Affected by VCID-ah5y-k5sb-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml 34.0.0rc4
2024-04-24T00:40:06.888639+00:00 GHSA Importer Affected by VCID-vvnj-ee7s-aaaq None 34.0.0rc4
2024-04-23T22:00:58.133948+00:00 GHSA Importer Affected by VCID-ah5y-k5sb-aaap https://github.com/advisories/GHSA-c8wv-qwwc-6j73 34.0.0rc4
2024-01-10T02:43:45.019490+00:00 GHSA Importer Affected by VCID-vvnj-ee7s-aaaq None 34.0.0rc2