the wikimedia foundation

Top products

The 15 most recently published vulnerabilities affecting the wikimedia foundation.

• CVE-2026-22712ApprovedRevs allows bypassing the inline CSS sanitizer4.3Jan 9, 2026
• CVE-2026-22713Stored XSS through edit summaries in GrowthExperiments5.4Jan 9, 2026
• CVE-2026-22710Stored XSS through autocomment system messages in Wikibase5.4Jan 8, 2026
• CVE-2025-32079Saving the right content to MediaWiki:GrowthMentors.json can take down the site6.5Apr 11, 2025
• CVE-2025-32072HTML injection in feed output from i18n message8.3Apr 11, 2025
• CVE-2025-32073System message XSS in HTMLTags5.4Apr 11, 2025
• CVE-2025-32074XSSes in Extension:ConfirmAccount5.4Apr 11, 2025
• CVE-2025-32067i18n XSS vulnerability in message growthexperiments5.4Apr 11, 2025
• CVE-2025-32068Revoking authorization of OAuth2 consumer does not invalidate refresh tokens5.4Apr 11, 2025
• CVE-2025-32069Wikitext stored XSS on filepages due to dangerous WBMI serialization5.4Apr 11, 2025
• CVE-2025-32070XSSes in AJAXPoll5.4Apr 11, 2025
• CVE-2025-32071Wikibase CommonsInlineImageFormatter: i18n XSS5.4Apr 11, 2025
• CVE-2024-47841Path traversal when loading stylesheets7.5Oct 5, 2024
• CVE-2024-47840Stored XSS through sidebar in Apex skin4.8Oct 5, 2024
• CVE-2024-47847Various XSSes found in Cargo6.1Oct 5, 2024