mediawiki/core vulnerabilities

Free software wiki application developed by the Wikimedia Foundation and others

Direct Vulnerabilities

Known vulnerabilities in the mediawiki/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity / Vulnerability / Vulnerable Version
  • H
Denial of Service (DoS)

<1.35.6 >=1.36.0, <1.36.4 >=1.37.0, <1.37.2
  • H
Denial of Service (DoS)

>=1.37.0, <1.37.2
  • M
Denial of Service (DoS)

<1.35.6 >=1.36.0, <1.36.4 >=1.37.0, <1.37.2
  • M
Access Restriction Bypass

>=0.0.0
  • M
Cross-site Scripting (XSS)

<=1.37.1
  • M
Cross-site Scripting (XSS)

<=1.37.1
  • H
Denial of Service (DoS)

>=0.0.0
  • M
Information Exposure

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
Insecure Permissions

>=0.0.0
  • M
Improper Authentication

>=0.0.0
  • H
Improper Authorization

>=0.0.0
  • M
Information Exposure

<1.23.16 >=1.24.0, <1.27.2 >=1.28.0, <1.28.1
  • H
Denial of Service (DoS)

>=1.37.0, <1.37.1 >=1.36.0, <1.36.3 <1.35.5
  • M
Information Exposure

>=1.37.0, <1.37.1 >=1.36.0, <1.36.3 <1.35.5
  • M
Cross-site Scripting (XSS)

>=1.37.0, <1.37.1 >=1.36.0, <1.36.3 <1.35.5
  • M
Cross-site Request Forgery (CSRF)

>=1.37.0, <1.37.1 >=1.36.0, <1.36.3 <1.35.5
  • M
Cross-site Scripting (XSS)

>=1.37.0, <1.37.1 >=1.36.0, <1.36.3 <1.35.5
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Access Control Bypass

>=0.0.0
  • H
Arbitrary File Read

>=0.0.0
  • H
Directory Traversal

>=0.0.0
  • M
Denial of Service (DoS)

>=1.36.0, <1.36.2 >=1.32.0, <1.35.4 <1.31.16
  • M
Cross-site Scripting (XSS)

>=1.36.0, <1.36.2 >=1.32.0, <1.35.4 <1.31.16
  • H
Denial of Service (DoS)

>=1.36.0, <1.36.2 >=1.32.0, <1.35.4 <1.31.16
  • M
Access Restriction Bypass

<1.31.12 >=1.32.0, <1.35.2
  • M
Access Restriction Bypass

>=1.32.0, <1.35.2 <1.31.12
  • M
Improper Access Control

>=1.32.0, <1.35.2 <1.31.13
  • M
Access Restriction Bypass

>=1.32.0, <1.35.2 <1.31.12
  • L
Access Restriction Bypass

<1.31.12 >=1.32.0, <1.35.2
  • M
Cross-site Scripting (XSS)

<1.31.12 >=1.32.0, <1.35.2
  • M
Cross-site Scripting (XSS)

<1.31.12 >=1.32.0, <1.35.2
  • M
Information Exposure

>0.0.0
  • M
Cross-site Request Forgery (CSRF)

>0.0.0
  • M
Cross-site Scripting (XSS)

>=1.32.0, <1.35.1 <1.31.11
  • L
Open Redirect

>=1.32.0, <1.35.1 <1.31.11
  • L
Information Exposure

>=1.32.0, <1.35.1 <1.31.11
  • M
Cross-site Scripting (XSS)

>=1.32.0, <1.35.1 <1.31.11
  • M
Cross-site Scripting (XSS)

>=1.33.0, <1.35.1
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=1.32.0, <1.34.4 <1.31.10
  • M
Cross-site Scripting (XSS)

>=1.32.0, <1.34.4 <1.31.10
  • H
Information Exposure

>=1.32.0, <1.34.4 <1.31.10
  • M
Improper Input Validation

>=1.31.0, <1.31.6 >=1.32.0, <1.32.6 >=1.33.0, <1.33.2 >=1.33.99, <1.34.0
  • M
Information Exposure

>=1.27.0, <1.27.5 >=1.29.0, <1.29.3 >=1.30.0, <1.30.1 >=1.31.0, <1.31.1
  • M
Improper Input Validation

>=1.27.0, <1.27.5 >=1.29.0, <1.29.3 >=1.30.0, <1.30.1 >=1.31.0, <1.31.1
  • H
Cross-site Request Forgery (CSRF)

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2 >=1.32.0, <1.32.2 >=1.32.99, <1.33.0
  • M
Authentication Bypass

>=1.27.0, <1.27.5 >=1.29.0, <1.29.3 >=1.30.0, <1.30.1 >=1.31.0, <1.31.1
  • H
Improper Access Control

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2 >=1.32.0, <1.32.2
  • H
Denial of Service (DoS)

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2
  • M
Information Exposure

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2 >=1.32.0, <1.32.2
  • M
No Rate Limit or Throttling

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2 >=1.32.0, <1.32.2
  • C
Authentication Bypass

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2 >=1.32.0, <1.32.2
  • M
Cross-site Scripting (XSS)

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2
  • H
Information Exposure

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2 >=1.32.0, <1.32.2
  • M
Improper Access Control

>=1.27.0, <1.27.6 >=1.30.0, <1.30.2 >=1.31.0, <1.31.2 >=1.32.0, <1.32.2
  • M
Insecure Permissions

>=1.31.0, <1.31.1
  • M
Cross-site Scripting (XSS)

>=1.31.0, <1.31.9 >=1.34.0, <1.34.3 >=1.34.99, <1.35.0
  • M
Open Redirect

>=1.34.0, <1.34.1
  • M
Improper Encoding or Escaping of Output

>=1.31.0, <1.31.7 >=1.33.0, <1.33.3 >=1.34.0, <1.34.1
  • M
Information Disclosure

>=1.31.0, <1.31.4 >=1.32.0, <1.32.4 >=1.33.0, <1.33.1
  • L
Information Exposure

>=1.32.0, <1.34.4 <1.31.10
  • M
Access Restriction Bypass

>=1.32.0, <1.34.4 <1.31.10
  • H
Cross-site Scripting (XSS)

>=1.31.0, <1.31.10 >=1.32.0, <1.34.4
  • H
Cross-site Scripting (XSS)

>=1.31.0, <1.31.10 >=1.32.0, <1.34.4
  • M
Cross-site Scripting (XSS)

>=1.31.0, <1.31.10 >=1.32.0, <1.34.4
  • M
Cross-site Scripting (XSS)

>=1.32.0, <1.34.4 >=1.31.0, <1.31.9