CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

EUVD-2013-4197

Malware in sbrugna...

EUVD-2019-8341

Malware in sbrugna...

EUVD-2021-31657

Malicious code in bioql PyPI...

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users blocked in ApiManageMentorList to enroll as mentors or edit any of their mentorship-related properties...

GHSA-2QRR-C2GH-PR35 Wikimedia information leak vulnerability

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

DEBIAN-CVE-2021-30152

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for...

CVE-2013-4303

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." period characters in a string, which allows remote attackers to conduct cross-site...

UBUNTU-CVE-2013-4303

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." period characters in a string, which allows remote attackers to conduct cross-site...

Design/Logic Flaw

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

Updated mediawiki package fixes security vulnerabilities

Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader CVE-2013-4301. Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP CVE-2013-4302. An issue with the MediaWiki API in MediaWiki before 1.20.7 where ...