mediawiki/core vulnerabilities

Free software wiki application developed by the Wikimedia Foundation and others

Latest version: 1.34.0

Licenses detected

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the mediawiki/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • M
Access Restriction Bypass
<1.31.12,>=1.32.0, <1.35.2 Not available 09 Apr, 2021
  • M
Access Restriction Bypass
>=1.32.0, <1.35.2,<1.31.12 Not available 09 Apr, 2021
  • M
Improper Access Control
>=1.32.0, <1.35.2,<1.31.13 Not available 09 Apr, 2021
  • M
Access Restriction Bypass
>=1.32.0, <1.35.2,<1.31.12 Not available 09 Apr, 2021
  • L
Access Restriction Bypass
<1.31.12,>=1.32.0, <1.35.2 Not available 06 Apr, 2021
  • M
Cross-site Scripting (XSS)
<1.31.12,>=1.32.0, <1.35.2 Not available 06 Apr, 2021
  • M
Cross-site Scripting (XSS)
<1.31.12,>=1.32.0, <1.35.2 Not available 06 Apr, 2021
  • M
Information Exposure
>0.0.0 Not available 02 Feb, 2021
  • M
Cross-site Request Forgery (CSRF)
>0.0.0 Not available 31 Jan, 2021
  • M
Cross-site Scripting (XSS)
>=0.0.0 Not available 21 Dec, 2020
  • L
Open Redirect
>=0.0.0 Not available 21 Dec, 2020
  • M
Cross-site Scripting (XSS)
>=0.0.0 Not available 21 Dec, 2020
  • L
Information Exposure
>=0.0.0 Not available 21 Dec, 2020
  • M
Cross-site Scripting (XSS)
>=1.33.0 Not available 21 Dec, 2020
  • M
Cross-site Scripting (XSS)
>=0.0.0 Not available 21 Dec, 2020
  • M
Cross-site Scripting (XSS)
>=0.0.0 Not available 03 Dec, 2020
  • M
Cross-site Scripting (XSS)
>=0.0.0 Not available 03 Dec, 2020
  • H
Information Exposure
>=0.0.0 Not available 03 Dec, 2020
  • M
Improper Input Validation
>=1.31.0, <1.31.6,>=1.32.0, <1.32.6,>=1.33.0, <1.33.2,>=1.33.99, <1.34.0 Not available 19 Nov, 2020
  • M
Information Exposure
>=1.27.0, <1.27.5,>=1.29.0, <1.29.3,>=1.30.0, <1.30.1,>=1.31.0, <1.31.1 Not available 19 Nov, 2020
  • M
Improper Input Validation
>=1.27.0, <1.27.5,>=1.29.0, <1.29.3,>=1.30.0, <1.30.1,>=1.31.0, <1.31.1 Not available 19 Nov, 2020
  • H
Cross-site Request Forgery (CSRF)
>=1.27.0, <1.27.6,>=1.30.0, <1.30.2,>=1.31.0, <1.31.2,>=1.32.0, <1.32.2,>=1.32.99, <1.33.0 Not available 19 Nov, 2020
  • M
Authentication Bypass
>=1.27.0, <1.27.5,>=1.29.0, <1.29.3,>=1.30.0, <1.30.1,>=1.31.0, <1.31.1 Not available 19 Nov, 2020
  • H
Improper Access Control
>=1.27.0, <1.27.6,>=1.30.0, <1.30.2,>=1.31.0, <1.31.2,>=1.32.0, <1.32.2 Not available 19 Nov, 2020
  • H
Denial of Service (DoS)
>=1.27.0, <1.27.6,>=1.30.0, <1.30.2,>=1.31.0, <1.31.2 Not available 19 Nov, 2020
  • M
Information Exposure
>=1.27.0, <1.27.6,>=1.30.0, <1.30.2,>=1.31.0, <1.31.2,>=1.32.0, <1.32.2 Not available 19 Nov, 2020
  • M
No Rate Limit or Throttling
>=1.27.0, <1.27.6,>=1.30.0, <1.30.2,>=1.31.0, <1.31.2,>=1.32.0, <1.32.2 Not available 19 Nov, 2020
  • H
Authentication Bypass
>=1.27.0, <1.27.6,>=1.30.0, <1.30.2,>=1.31.0, <1.31.2,>=1.32.0, <1.32.2 Not available 19 Nov, 2020
  • M
Cross-site Scripting (XSS)
>=1.27.0, <1.27.6,>=1.30.0, <1.30.2,>=1.31.0, <1.31.2 Not available 19 Nov, 2020