CRITICAL 9.8 CVE-2025-67484 Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u6
from 0, < 1:1.35.11-1~deb11u1
from 0, < 1:1.35.11-1~deb11u1
CRITICAL 9.8 mediawiki - security update
from 0, < 1:1.31.16-1+deb10u6
CRITICAL 9.8 Wikimedia MediaWiki Incorrect Access Control vulnerability
from 0, < 1:1.31.2-1
CRITICAL 9.8 Parameters injection in the SyntaxHighlight extension of MediaWiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabiliti…
from 0, < 1:1.27.3-1
CRITICAL 9.8 api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
from 0, < 1:1.27.4-1
CRITICAL 9.8 The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generat…
from 0, < 1:1.25.5-1
HIGH 8.8 Vulnerability in Wikimedia Foundation CheckUser.
from 0, < 1:1.35.13-1+deb11u6
HIGH 8.8 Improper Authentication vulnerability in Wikimedia Foundation MediaWiki - CentralAuth Extension allows: Bypass Authentication. This issue a…
from 0, < 1:1.35.13-1+deb11u4
HIGH 8.8 Wikimedia MediaWiki allows CSRF
from 0, < 1:1.31.2-1
HIGH 8.8 The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control.
from 0, < 1:1.35.4-1~deb11u1
HIGH 8.8 MediaWiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system…
from 0, < 1:1.27.2-1
HIGH 8.8 MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF toke…
from 0, < 1:1.27.2-1
HIGH 8.8 The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x…
from 0, < 1:1.25.5-1
HIGH 8.8 The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparis…
from 0, < 1:1.25.5-1
HIGH 8.1 MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-depende…
from 0, < 1:1.19.2-1
HIGH 8.0 Cross-domain cookie leakage in Guzzle
from 0, < 1:1.35.8-1~deb11u1
HIGH 7.8 MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
from 0, < 1:1.27.2-1
HIGH 7.7 Change in port should be considered a change in origin
from 0, < 1:1.35.8-1~deb11u1
HIGH 7.7 CURLOPT_HTTPAUTH option not cleared on change of origin
from 0, < 1:1.35.8-1~deb11u1
HIGH 7.5 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.39.17-1+deb12u2
HIGH 7.5 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.8+dfsg-1~deb13u1
HIGH 7.5 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0
HIGH 7.5 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.
from 0
HIGH 7.5 (no summary)
from 0
HIGH 7.5 mediawiki - security update
from 0, < 1:1.35.13-1+deb11u2
HIGH 7.5 mediawiki - security update
from 0, < 1:1.35.13-1+deb11u2
HIGH 7.5 MediaWiki Denial of Service vulnerability
from 0, < 1:1.35.13-1~deb11u1
HIGH 7.5 A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
from 0, < 1:1.35.8-1~deb11u1
HIGH 7.5 Fix failure to strip Authorization header on HTTP downgrade in Guzzle
from 0, < 1:1.35.8-1~deb11u1
HIGH 7.5 Guzzle is an open source PHP HTTP client.
from 0, < 1:1.35.8-1~deb11u1
HIGH 7.5 OATHAuth extension in MediaWiki is not implementing rate limit
from 0, < 1:1.35.0-1
HIGH 7.5 Wikimedia information leak vulnerability
from 0, < 1:1.31.2-1
HIGH 7.5 Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
from 0, < 1:1.31.2-1
HIGH 7.5 MediaWiki Incorrect Access Control vulnerability
from 0, < 1:1.31.2-1
HIGH 7.5 MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresse…
from 0, < 1:1.27.2-1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.27.7-1+deb9u11
HIGH 7.5 mediawiki - security update
from 0, < 1:1.35.4-1+deb11u2
HIGH 7.5 MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
from 0, < 1:1.35.4-1~deb11u1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.31.16-1~deb10u1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.35.4-1~deb11u1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.27.7-1~deb9u10
HIGH 7.5 mediawiki - security update
from 0, < 1:1.35.2-1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.31.14-1~deb10u1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.27.7-1~deb9u8
HIGH 7.5 pygments - security update
from 0, < 1:1.35.2-1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.35.1-1
HIGH 7.5 mediawiki - security update
from 0, < 1:1.31.12-1~deb10u1
HIGH 7.5 Regular Expression Denial of Service in papaparse
from 0, < 1:1.35.11-1~deb11u1
HIGH 7.5 The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to ca…
from 0, < 1:1.19.8+dfsg-2.2
HIGH 7.5 MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive…
from 0, < 1:1.19.4-1
HIGH 7.5 MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a spec…
from 0, < 1:1.19.4-1
HIGH 7.5 mediawiki allows deleted text to be exposed
from 0, < 1:1.15.5-6
HIGH 7.5 The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via gl…
from 0, < 1:1.27.4-1
HIGH 7.5 The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside t…
from 0, < 1:1.27.4-1
HIGH 7.5 MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messag…
from 0, < 1:1.27.4-1
HIGH 7.5 MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create…
from 0, < 1:1.19.2-1
HIGH 7.5 MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the User…
from 0, < 1:1.27.1-1
HIGH 7.5 MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, whic…
from 0, < 1:1.27.1-1
HIGH 7.5 MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers…
from 0, < 1:1.27.1-1
HIGH 7.5 ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title r…
from 0, < 1:1.27.1-1
HIGH 7.4 An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before…
from 0, < 1:1.39.7-1~deb12u1
HIGH 7.3 mediawiki - security update
from 0, < 1:1.31.16-1+deb10u7
HIGH 7.3 mediawiki - security update
from 0, < 1:1.35.13-1~deb11u1
HIGH 7.3 mediawiki - security update
from 0, < 1:1.35.13-1~deb11u1
MEDIUM 6.5 Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u6
MEDIUM 6.5 An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1.
from 0, < 1:1.39.5-1~deb12u1
MEDIUM 6.5 MediaWiki Incorrect Access Control vulnerability
from 0, < 1:1.31.2-1
MEDIUM 6.5 Wikimedia MediaWiki exposed suppressed log in RevisionDelete page
from 0, < 1:1.31.2-1
MEDIUM 6.5 MediaWiki BotPassword can bypass CentralAuth's account lock
from 0, < 1:1.31.1-1
MEDIUM 6.5 MediaWiki information disclosure vulnerability
from 0, < 1:1.31.1-1
MEDIUM 6.5 mediawiki - security update
from 0, < 1:1.35.4-1+deb11u2
MEDIUM 6.5 mediawiki - security update
from 0, < 1:1.35.4-1+deb11u2
MEDIUM 6.5 MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysop to undelete pages, although the page is protected against it.
from 0, < 1:1.27.2-1
MEDIUM 6.5 MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to…
from 0, < 1:1.19.2-1
MEDIUM 6.5 MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to byp…
from 0, < 1:1.27.1-1
MEDIUM 6.1 Vulnerability in Wikimedia Foundation MediaWiki.
from 0
MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u6
MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM 6.1 mediawiki - security update
from 0, < 1:1.35.13-1+deb11u6
MEDIUM 6.1 mediawiki - security update
from 0, < 1:1.35.13-1+deb11u6
MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEdi…
from 0, < 1:1.35.13-1+deb11u5
MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEdi…
from 0, < 1:1.35.13-1+deb11u5
MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM 6.1 Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM 6.1 Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM 6.1 An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1.
from 0, < 1:1.39.5-1~deb12u1
MEDIUM 6.1 mediawiki - security update
from 0, < 1:1.35.13-1+deb11u3
MEDIUM 6.1 mediawiki - security update
from 0, < 1:1.31.16-1+deb10u8
MEDIUM 6.1 mediawiki - security update
from 0, < 1:1.35.13-1+deb11u3
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4.
from 0, < 1:1.35.11-1~deb11u1
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM 6.1 Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS)
from 0, < 1:1.35.2-1
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1:1.35.0-1
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1:1.35.0-1
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1:1.35.0-1