pkg:Bitnami/mediawiki

172 total CVEs: CRITICAL 12, HIGH 30, MEDIUM 124, LOW 1

All known vulnerabilities

  • [CRITICAL 9.8] CVE-2024-34502: An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1.
    from 0, < 1.41.1
  • [CRITICAL 9.8] CVE-2020-10534: In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked…
    from 0, < 1.34.1
  • [CRITICAL 9.8] CVE-2021-31556: An issue was discovered in the OAuth extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [CRITICAL 9.8] CVE-2021-36126: An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [CRITICAL 9.8] CVE-2021-36128: An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [CRITICAL 9.8] CVE-2022-28205: An issue was discovered in MediaWiki through 1.37.1.
    from 0, < 1.37.2
  • [CRITICAL 9.8] CVE-2022-28206: An issue was discovered in MediaWiki through 1.37.1.
    from 0, < 1.37.2
  • [CRITICAL 9.8] CVE-2022-28209: An issue was discovered in MediaWiki through 1.37.1.
    from 0, < 1.37.2
  • [CRITICAL 9.8] CVE-2022-29904: The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with ce…
    from 0, < 1.37.3
  • [CRITICAL 9.8] CVE-2022-29906: The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check…
    from 0, < 1.37.3
  • [CRITICAL 9.8] CVE-2023-37303: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [CRITICAL 9.8] CVE-2023-29141: mediawiki - security update
    from 0, < 1.35.10, >= 1.36.0, < 1.38.6, >= 1.39.0, < 1.39.3
  • [HIGH 8.8] CVE-2020-29004: The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF…
    from 0, < 1.35.1
  • [HIGH 8.8] CVE-2020-35625: An issue was discovered in the Widgets extension for MediaWiki through 1.35.1.
    from 0, < 1.35.2
  • [HIGH 8.8] CVE-2020-35626: An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1.
    from 0, < 1.35.2
  • [HIGH 8.8] CVE-2021-36132: An issue was discovered in the FileImporter extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [HIGH 8.8] CVE-2021-46147: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [HIGH 8.8] CVE-2021-41801: The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control.
    from 0, < 1.31.16, >= 1.35.0, < 1.35.4, >= 1.36.0, < 1.36.2
  • [HIGH 7.5] CVE-2024-40597: An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [HIGH 7.5] CVE-2024-34506: mediawiki - security update
    from 0, < 1.41.1
  • [HIGH 7.5] CVE-2020-25869: An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
    from 0, < 1.31.10, >= 1.32.0, < 1.34.4
  • [HIGH 7.5] CVE-2020-26121: An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4.
    from 0, < 1.34.4
  • [HIGH 7.5] CVE-2020-29005: The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclos…
    from 0, < 1.35.1
  • [HIGH 7.5] CVE-2020-35623: An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1.
    from 0, < 1.35.2
  • [HIGH 7.5] CVE-2021-31555: An issue was discovered in the OAuth extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [HIGH 7.5] CVE-2021-36125: An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [HIGH 7.5] CVE-2021-42040: An issue was discovered in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [HIGH 7.5] CVE-2021-46149: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [HIGH 7.5] CVE-2022-28204: A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2.
    >= 1.37.0, < 1.37.2
  • [HIGH 7.5] CVE-2022-28323: An issue was discovered in MediaWiki through 1.37.2.
    from 0, < 1.37.3
  • [HIGH 7.5] CVE-2022-34750: An issue was discovered in MediaWiki through 1.38.1.
    from 0, < 1.38.2
  • [HIGH 7.5] CVE-2023-45371: An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40…
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [HIGH 7.5] CVE-2020-12051: The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.p…
  • [HIGH 7.5] CVE-2023-45363: MediaWiki Denial of Service vulnerability
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [HIGH 7.5] CVE-2022-28203: A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
    from 0, < 1.35.6, >= 1.36.0, < 1.36.4, >= 1.37.0, < 1.37.2
  • [HIGH 7.5] CVE-2020-25827: OATHAuth extension in MediaWiki is not implementing rate limit
    from 0, < 1.31.10, >= 1.32.0, < 1.34.4
  • [HIGH 7.5] CVE-2021-44858: mediawiki - security update
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [HIGH 7.5] CVE-2021-41799: MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
    from 0, < 1.36.2
  • [HIGH 7.5] CVE-2021-35197: mediawiki - security update
    from 0, < 1.31.15, >= 1.32.0, < 1.35.3, >= 1.36.0, < 1.36.1
  • [HIGH 7.5] CVE-2020-35475: mediawiki - security update
    from 0, < 1.35.1
  • [HIGH 7.4] CVE-2024-34507: An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before…
    from 0, < 1.41.1
  • [HIGH 7.3] CVE-2023-3550: Stored XSS leads to privilege escalation in MediaWiki v1.40.0
    >= 1.40.0, < 1.40.1
  • [MEDIUM 6.5] CVE-2024-40601: An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 6.5] CVE-2021-31548: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 6.5] CVE-2021-31553: An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 6.5] CVE-2021-42049: An issue was discovered in the Translate extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 6.5] CVE-2021-46148: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 6.5] CVE-2023-29139: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 6.5] CVE-2023-45367: An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.4…
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 6.5] CVE-2021-44857: mediawiki - security update
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 6.1] CVE-2024-34500: MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability
    from 0, < 1.41.1
  • [MEDIUM 6.1] CVE-2020-26120: XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replace…
    from 0, < 1.34.4
  • [MEDIUM 6.1] CVE-2020-35622: An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1.
    from 0, < 1.35.2
  • [MEDIUM 6.1] CVE-2020-6163: The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget temp…
    >= 1.35.0, < 1.35.1
  • [MEDIUM 6.1] CVE-2021-31551: An issue was discovered in the PageForms extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 6.1] CVE-2021-42041: An issue was discovered in CentralAuth in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 6.1] CVE-2021-42043: An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 6.1] CVE-2021-42046: An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 6.1] CVE-2021-45472: In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 forma…
    from 0, < 1.37.1
  • [MEDIUM 6.1] CVE-2021-45473: In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-informat…
    from 0, < 1.3.8
  • [MEDIUM 6.1] CVE-2021-45474: In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
    from 0, < 1.37.1
  • [MEDIUM 6.1] CVE-2022-29907: The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.
    from 0, < 1.37.3
  • [MEDIUM 6.1] CVE-2023-22911: An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
    from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
  • [MEDIUM 6.1] CVE-2023-37251: An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 6.1] CVE-2023-37254: An issue was discovered in the Cargo extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 6.1] CVE-2023-37255: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 6.1] CVE-2023-37256: An issue was discovered in the Cargo extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 6.1] CVE-2023-45373: An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before…
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 6.1] CVE-2024-23177: An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2.
    from 0, < 1.41.1
  • [MEDIUM 6.1] CVE-2024-23179: An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2.
    from 0, < 1.41.1
  • [MEDIUM 6.1] CVE-2024-23173: MediaWiki Cargo Extension Cross-site Scripting vulnerability
    from 0, < 1.41.1
  • [MEDIUM 6.1] CVE-2023-51704: mediawiki - security update
    from 0, < 1.35.14, >= 1.36.0, < 1.39.6, >= 1.40.0, < 1.40.2
  • [MEDIUM 6.1] CVE-2023-37302: MediaWiki Cross-site Scripting vulnerability
    from 0, < 1.39.4
  • [MEDIUM 6.1] CVE-2023-36675: An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4.
    from 0, < 1.35.11, >= 1.36.0, < 1.38.7, >= 1.39.0, < 1.39.4
  • [MEDIUM 6.1] CVE-2022-34912: An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1.
    from 0, < 1.37.3, >= 1.38.0, < 1.38.1
  • [MEDIUM 6.1] CVE-2022-34911: An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1.
    from 0, < 1.35.7, >= 1.36.0, < 1.37.3, >= 1.38.0, < 1.38.1
  • [MEDIUM 6.1] CVE-2020-25815: MediaWiki Cross-site Scripting (XSS) vulnerability
    >= 1.32.0, < 1.34.4
  • [MEDIUM 6.1] CVE-2020-25828: MediaWiki Cross-site Scripting (XSS) vulnerability
    >= 1.31.10, < 1.31.11, >= 1.32.0, < 1.34.4
  • [MEDIUM 6.1] CVE-2020-25814: MediaWiki Cross-site Scripting (XSS) vulnerability
    from 0, < 1.31.10, >= 1.32.0, < 1.34.4
  • [MEDIUM 6.1] CVE-2020-25812: MediaWiki Cross-site Scripting (XSS) vulnerability
    >= 1.34.0, < 1.34.4
  • [MEDIUM 6.1] CVE-2020-10959: MediaWiki Open Redirect vulnerability
    from 0, < 1.35.0
  • [MEDIUM 6.1] CVE-2022-28202: An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
    from 0, < 1.35.6, >= 1.36.0, < 1.36.4, >= 1.37.0, < 1.37.2
  • [MEDIUM 6.1] CVE-2021-41798: MediaWiki before 1.36.2 allows XSS.
    from 0, < 1.36.2
  • [MEDIUM 6.1] CVE-2021-30157: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.12, >= 1.32.0, < 1.35.2
  • [MEDIUM 6.1] CVE-2021-30154: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.12, >= 1.32.0, < 1.35.2
  • [MEDIUM 6.1] CVE-2020-35479: MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
    >= 1.12.0, < 1.35.1
  • [MEDIUM 6.1] CVE-2020-35478: MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
    >= 1.33.0, < 1.35.1
  • [MEDIUM 6.1] CVE-2020-35474: In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentch…
    from 0, < 1.35.1
  • [MEDIUM 5.5] CVE-2022-47927: mediawiki - security update
    from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
  • [MEDIUM 5.4] CVE-2020-27957: The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data.
    from 0, < 1.35.1
  • [MEDIUM 5.4] CVE-2020-29003: The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or S…
    from 0, < 1.35.1
  • [MEDIUM 5.4] CVE-2021-31550: An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 5.4] CVE-2021-31552: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 5.4] CVE-2021-31554: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 5.4] CVE-2021-42045: An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 5.4] CVE-2021-42047: An issue was discovered in the Growth extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 5.4] CVE-2021-46146: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 5.4] CVE-2023-22910: An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
    from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
  • [MEDIUM 5.4] CVE-2023-37304: An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 5.4] CVE-2024-23171: An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before…
    from 0, < 1.41.1
  • [MEDIUM 5.4] CVE-2024-23172: An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40…
    from 0, < 1.41.1
  • [MEDIUM 5.4] CVE-2024-23174: An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.4…
    from 0, < 1.41.1
  • [MEDIUM 5.4] CVE-2024-23178: An issue was discovered in the Phonos extension in MediaWiki before 1.40.2.
    from 0, < 1.41.1
  • [MEDIUM 5.4] CVE-2023-45360: An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
    from 0, < 1.35.12, >= 1.39.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 5.4] CVE-2021-44855: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 5.3] CVE-2020-35624: An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1.
    from 0, < 1.35.2
  • [MEDIUM 5.3] CVE-2021-31545: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 5.3] CVE-2021-45471: In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
    from 0, < 1.37.1
  • [MEDIUM 5.3] CVE-2022-39193: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x.
    >= 1.39.0, < 1.39.2
  • [MEDIUM 5.3] CVE-2023-22909: An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
    from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
  • [MEDIUM 5.3] CVE-2023-22912: An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
    from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
  • [MEDIUM 5.3] CVE-2023-29140: An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 5.3] CVE-2023-37300: An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 5.3] CVE-2023-37301: An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 5.3] CVE-2023-37305: An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 5.3] CVE-2023-45370: An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1…
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 5.3] CVE-2023-45372: An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40…
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 5.3] CVE-2023-45374: An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1…
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 5.3] CVE-2023-45364: An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1.
    >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 5.3] CVE-2023-36674: An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1.
    from 0, < 1.35.11, >= 1.36.0, < 1.38.7, >= 1.39.0, < 1.39.4, >= 1.40.0, < 1.40.1
  • [MEDIUM 5.3] CVE-2022-41767: An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3.
    from 0, < 1.35.8, >= 1.36.0, < 1.37.5, >= 1.38.0, < 1.38.3
  • [MEDIUM 5.3] CVE-2022-41765: mediawiki - security update
    from 0, < 1.35.8, >= 1.36.0, < 1.37.5, >= 1.38.0, < 1.38.3
  • [MEDIUM 5.3] CVE-2021-44856: mediawiki - security update
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 5.3] CVE-2021-44854: mediawiki - security update
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 5.3] CVE-2021-41800: MediaWiki allows a denial of service
    from 0, < 1.36.2
  • [MEDIUM 5.3] CVE-2020-25813: mediawiki - security update
    from 0, < 1.31.10, >= 1.32.0, < 1.34.4
  • [MEDIUM 5.3] CVE-2020-10960: mediawiki - security update
    from 0, < 1.34.1
  • [MEDIUM 5.3] CVE-2021-45038: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 5.3] CVE-2021-30158: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.12, >= 1.32.0, < 1.35.2
  • [MEDIUM 5.3] CVE-2020-35480: An issue was discovered in MediaWiki before 1.35.1.
    from 0, < 1.35.1
  • [MEDIUM 5.3] CVE-2020-35477: MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
    from 0, < 1.35.1
  • [MEDIUM 4.9] CVE-2022-39194: An issue was discovered in MediaWiki through 1.38.2.
    from 0, < 1.38.3
  • [MEDIUM 4.8] CVE-2024-40599: An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.8] CVE-2024-40600: An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.8] CVE-2024-40602: An issue was discovered in the Tempo skin for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.8] CVE-2024-40604: An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.8] CVE-2024-40605: An issue was discovered in the Foreground skin for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.8] CVE-2020-29002: includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administ…
    from 0, < 1.35.1
  • [MEDIUM 4.8] CVE-2021-36130: An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [MEDIUM 4.8] CVE-2021-36131: An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [MEDIUM 4.8] CVE-2021-42042: An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 4.8] CVE-2021-42044: An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 4.8] CVE-2021-42048: An issue was discovered in the Growth extension in MediaWiki through 1.36.2.
    from 0, < 1.36.3
  • [MEDIUM 4.8] CVE-2021-46150: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
    from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
  • [MEDIUM 4.4] CVE-2022-28201: An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
    from 0, < 1.35.6, >= 1.36.0, < 1.36.4, >= 1.37.0, < 1.37.2
  • [MEDIUM 4.3] CVE-2024-40596: An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.3] CVE-2024-40598: An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.3] CVE-2024-40603: An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1.
    from 0, < 1.44.0
  • [MEDIUM 4.3] CVE-2020-27621: The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address.
    from 0, < 1.35.1
  • [MEDIUM 4.3] CVE-2021-30156: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.12, >= 1.32.0, < 1.35.2
  • [MEDIUM 4.3] CVE-2021-31546: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 4.3] CVE-2021-31547: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 4.3] CVE-2021-31549: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
    from 0, < 1.35.3
  • [MEDIUM 4.3] CVE-2021-36127: An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [MEDIUM 4.3] CVE-2021-36129: An issue was discovered in the Translate extension in MediaWiki through 1.36.
    from 0, < 1.36.1
  • [MEDIUM 4.3] CVE-2022-29903: The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages…
    from 0, < 1.37.3
  • [MEDIUM 4.3] CVE-2022-29905: The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.
    from 0, < 1.37.3
  • [MEDIUM 4.3] CVE-2022-41766: An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3.
    from 0, < 1.35.8, >= 1.36.0, < 1.37.5, >= 1.38.0, < 1.38.3
  • [MEDIUM 4.3] CVE-2023-22945: In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMen…
    from 0, < 1.39.1
  • [MEDIUM 4.3] CVE-2023-29137: An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3.
    from 0, < 1.39.4
  • [MEDIUM 4.3] CVE-2023-45369: An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.…
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 4.3] CVE-2023-45362: An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
    from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
  • [MEDIUM 4.3] CVE-2021-30153: An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.13, >= 1.32.0, < 1.35.2
  • [MEDIUM 4.3] CVE-2021-30159: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.12, >= 1.32.0, < 1.35.2
  • [MEDIUM 4.3] CVE-2021-30155: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.12, >= 1.32.0, < 1.35.2
  • [MEDIUM 4.3] CVE-2021-30152: An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2.
    from 0, < 1.31.13, >= 1.32.0, < 1.35.2
  • [LOW 3.1] CVE-2020-15005: mediawiki - security update
    from 0, < 1.31.8, >= 1.32.0, < 1.33.4, >= 1.34.0, < 1.34.2
  • CVE-2025-3469: i18n XSS vulnerability in HTMLMultiSelectField when sections are used
    from 0, < 1.43.1
  • CVE-2025-32699: Potential JavaScript injection attack enabled by Unicode normalization in Action API
    from 0, < 1.41.1, >= 1.42.0, < 1.43.1
  • CVE-2025-32698: LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions
    from 0, < 1.41.1, >= 1.42.0, < 1.43.1
  • CVE-2025-32697: Cascading protection is not preventing file reversions
    from 0, < 1.43.1
  • CVE-2025-32696: "reupload-own" restriction can be bypassed by reverting file
    from 0, < 1.43.1