Mediawiki
Source repositories
CVEs (100)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62656 | Med | 0.38 | — | 0.00 | Oct 20, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44. | ||
| CVE-2017-0370 | Med | 0.35 | 5.3 | 0.01 | Apr 13, 2018 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | ||
| CVE-2017-0366 | Med | 0.35 | 5.4 | 0.01 | Apr 13, 2018 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. | ||
| CVE-2015-8627 | Med | 0.35 | 5.3 | 0.01 | Mar 23, 2017 | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not… | ||
| CVE-2026-5762 | Med | 0.34 | — | 0.00 | Apr 7, 2026 | Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue was remediated only on the `master` branch. | ||
| CVE-2025-6594 | Med | 0.31 | 4.7 | 0.00 | Feb 2, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue affects… | ||
| CVE-2025-6590 | Med | 0.30 | — | 0.00 | Feb 2, 2026 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1,… | ||
| CVE-2025-67476 | Med | 0.28 | 4.3 | 0.00 | Feb 3, 2026 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. | ||
| CVE-2026-34093 | Med | 0.27 | 5.3 | 0.00 | May 11, 2026 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | ||
| CVE-2026-34094 | Low | 0.18 | 3.8 | 0.00 | May 11, 2026 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | ||
| CVE-2025-23074 | Low | 0.16 | 2.4 | 0.00 | Jan 14, 2025 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from… | ||
| CVE-2025-6927 | Low | 0.15 | — | 0.00 | Feb 2, 2026 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. | ||
| CVE-2025-6593 | Low | 0.14 | — | 0.00 | Feb 2, 2026 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. | ||
| CVE-2025-6589 | Low | 0.14 | — | 0.00 | Feb 2, 2026 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0. | ||
| CVE-2025-32699 | Low | 0.14 | — | 0.00 | Apr 10, 2025 | Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. | ||
| CVE-2025-32698 | Low | 0.14 | — | 0.00 | Apr 10, 2025 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. | ||
| CVE-2014-1610 | 0.06 | — | 0.43 | Jan 30, 2014 | MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w… | |||
| CVE-2025-67479 | Non | 0.00 | — | 0.00 | Feb 3, 2026 | Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite:… | ||
| CVE-2025-11261 | 0.00 | — | 0.00 | Feb 3, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki:… | |||
| CVE-2025-61644 | Non | 0.00 | — | 0.00 | Feb 3, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects… |
- risk 0.38cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44.
- risk 0.35cvss 5.3epss 0.01
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
- risk 0.35cvss 5.4epss 0.01
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
- risk 0.35cvss 5.3epss 0.01
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not…
- risk 0.34cvss —epss 0.00
Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue was remediated only on the `master` branch.
- risk 0.31cvss 4.7epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue affects…
- risk 0.30cvss —epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1,…
- risk 0.28cvss 4.3epss 0.00
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
- risk 0.27cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
- risk 0.18cvss 3.8epss 0.00
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
- risk 0.16cvss 2.4epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from…
- risk 0.15cvss —epss 0.00
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.
- risk 0.14cvss —epss 0.00
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.
- risk 0.14cvss —epss 0.00
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0.
- risk 0.14cvss —epss 0.00
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.
- risk 0.14cvss —epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.
- CVE-2014-1610Jan 30, 2014risk 0.06cvss —epss 0.43
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w…
- risk 0.00cvss —epss 0.00
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite:…
- CVE-2025-11261Feb 3, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki:…
- risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects…
Page 2 of 5