CRITICAL 9.8 CVE-2023-29141 X-Forwarded-For header allows brute-forcing autoblocked IP addresses
>= 1.39.0, < 1.39.3
CRITICAL 9.8 CVE-2019-12468 Wikimedia MediaWiki Incorrect Access Control vulnerability
>= 1.27.0, < 1.27.6
HIGH 8.8 Wikimedia MediaWiki allows CSRF
>= 1.27.0, < 1.27.6
HIGH 7.5 MediaWiki Denial of Service vulnerability
from 0, < 1.35.12
HIGH 7.5 OATHAuth extension in MediaWiki is not implementing rate limit
>= 1.31.0, < 1.31.9
HIGH 7.5 Wikimedia information leak vulnerability
>= 1.27.0, < 1.27.6
HIGH 7.5 Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
>= 1.27.0, < 1.27.6
HIGH 7.5 MediaWiki Incorrect Access Control vulnerability
>= 1.18.0, < 1.27.6
MEDIUM 6.5 Wikimedia MediaWiki exposed suppressed log in RevisionDelete page
>= 1.27.0, < 1.27.6
MEDIUM 6.5 MediaWiki Incorrect Access Control vulnerability
>= 1.27.0, < 1.27.6
MEDIUM 6.5 MediaWiki BotPassword can bypass CentralAuth's account lock
>= 1.27.0, < 1.27.5
MEDIUM 6.5 MediaWiki information disclosure vulnerability
>= 1.27.0, < 1.27.5
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
>= 1.31.0, < 1.31.9
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
>= 1.32.0, < 1.34.3
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
>= 1.31.0, < 1.31.9
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
>= 1.34.0, < 1.34.3
MEDIUM 6.1 MediaWiki Open Redirect vulnerability
from 0, < 1.34.0-rc.0
MEDIUM 6.1 Possible to circumvent title-blacklist
>= 1.31.0, < 1.31.6
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS)
>= 1.27.0, < 1.27.6
MEDIUM 5.3 MediaWiki allows a denial of service
from 0, < 1.36.2
MEDIUM 5.3 MediaWiki Special:UserRights exposes the existence of hidden users
>= 1.31.0, < 1.31.9
MEDIUM 5.3 MediaWiki makeCollapsible allows applying event handler to any CSS selector
>= 1.31.0, < 1.31.7
MEDIUM 5.3 MediaWiki information disclosure
>= 1.31.0, < 1.31.4
MEDIUM 5.3 MediaWiki Incorrect Access Control vulnerability
from 0, < 1.27.6
MEDIUM 5.3 MediaWiki tarball is missing .htaccess files
>= 1.31.0, < 1.31.1
MEDIUM 4.3 MediaWiki Improper Privilege Management
>= 1.27.0, < 1.27.5
LOW 3.1 img_auth.php may leak private extension images into the public cache
from 0, < 1.31.8
— Cross-site scripting vulnerability in includes/actions/InfoAction.php
from 0, < 1.21.9