Special thanks to the people who have helped improve the security of MediaWiki, and other software supporting the Wikimedia projects!
Note: This only covers MediaWiki core and bundled extensions. While we deeply appreciate people reporting issues against other extensions, they are not covered by this page.
Todo: Where do we thank people for reporting non-MediaWiki things like parsoid vulns, or varnish config vulns?
MediaWiki 1.29.2, 1.28.3 and 1.27.4 (November 2017)

| CVE | Ticket | Reporter |
|---|---|---|
| CVE-2017-8809 | T128209 | Abdullah Hussam |
| none | T165846 | Anomie |
| CVE-2017-8810 | T134100 | Bartosz Dziewoński ("Matma Rex") |
| CVE-2017-8808 | T178451 | Bawolff |
| CVE-2017-8811 | T176247 | Bastenbas |
| CVE-2017-8812 | T125163 | Bawolff |
| CVE-2017-8814 | T124404 | Bawolff |
| CVE-2017-8815 | T119158 | Bawolff |
| CVE-2017-0361 | T180488 | Anomie |
| CVE-2017-9841 | T180231 | Tom Hutchison |

MediaWiki 1.28.1, 1.27.2 and 1.23.16 (April 2017)

| CVE | Ticket | Reporter |
|---|---|---|
| CVE-2017-0363 | T109140 | Merlijn van Deen (aka "Valhallasw") |
| CVE-2017-0364 | T122209 | Bawolff |
| CVE-2017-0365 | T144845 | Bawolff |
| CVE-2017-0361 | T125177 | Tgr |
| CVE-2017-0362 | T150044 | Legoktm |
| CVE-2017-0368 | T156184 | Bawolff |
| CVE-2017-0366 | T151735 | Cassiogomes11 |
| CVE-2017-0370 | T48143 | MZMcBride |
| CVE-2017-0369 | T108138 | Luke081515 |
| CVE-2017-0367 | T161453 | Bawolff |
| CVE-2017-0372 | T158689 | Yorick Koster (Securify) |

MediaWiki 1.27.1, 1.26.4, 1.23.15 (August 2016)

| CVE | Ticket | Reporter |
|---|---|---|
| CVE-2016-6335 | T139565, T139570 | This, Schnark |
| CVE-2016-6334 | T137264 | Bawolff, Legoktm |
| CVE-2016-6333 | T133147 | Bawolff |
| CVE-2016-6336 | T132926 | Bawolff |
| CVE-2016-6332 | T129738 | Multichill |
| CVE-2016-6331 | T115333 | Church of emacs |
| none | T57548 | PleaseStand |
| CVE-2016-6337 | T139670 | Anomie |

MediaWiki 1.26.3, 1.25.6 and 1.23.14 (May 2016)

| CVE | Ticket | Reporter |
|---|---|---|
| none | T122056 | Unicornisaurous |
| none | T127114 | Bawolff |
| none | T123653 | MaxSem |
| none | T123071 | Bawolff |
| none | T129506 | eranroz |
| none | T125283 | Matiia, Matanya |
| none | T103239 | Fomafix |
| none | T122807 | User:CSteipp (WMF) (Based on [1] by Paragon Initiative Enterprises Security Team) |
| none | T130947 | MaxSem |
| none | T133507 | Ori Livneh |
| none | T110143 | Bawolff |
| none | T132874 | Anomie |
| none | T127420 | PleaseStand |
| none | T126685 | CSteipp |
| none | T116030 | CSteipp |

MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12 (Dec 2015)

| CVE | Ticket | Reporter |
|---|---|---|
| CVE-2015-8628 | T109724 | Xavier Combelle |
| CVE-2015-8627 | T97897 | Vituzzu |
| CVE-2015-8626 | T115522 | Frank R. Farmer |
| CVE-2015-8625 | T118032 | User:Catrope |
| CVE-2015-8623 | gerrit:156336 | User:Anomie |
| CVE-2015-8624 | T119309 | User:Tgr (WMF) |
| CVE-2015-8622 | T117899 | Bartosz Dziewoński ("Matma Rex") |

Contributor
Found
Fixed
BWolff (WMF)
CVE-2015-2933, CVE-2015-2932
CVE-2015-8628, CVE-2015-2933
BJorsch (WMF)
CVE-2015-8004
CVE-2015-8623, CVE-2015-8626, CVE-2015-8001, CVE-2015-8002, CVE-2015-6728, CVE-2015-2938, CVE-2015-8004
Brion Vibber (WMF)
CVE-2015-6735
Bsadowski1
CVE-2015-6727
CSteipp (WMF)
CVE-2015-8003, CVE-2015-6732, CVE-2015-6732, CVE-2015-6728, CVE-2015-6730, CVE-2015-2937, CVE-2015-2934, CVE-2015-2936
CVE-2015-8009, CVE-2015-8008, CVE-2015-8003, CVE-2015-6732, CVE-2015-6731, CVE-2015-6730, CVE-2015-2931, CVE-2015-2937, CVE-2015-2934, CVE-2015-2942, CVE-2015-2932
DPatrick (WMF)
CVE-2015-8627, CVE-2015-8005, T98533
Frankrfarmer
CVE-2015-8626
Grunny
CVE-2015-6731, CVE-2015-8006
CVE-2015-8006
Hoo man
CVE-2015-6736
Jackmcbarn
CVE-2015-2939
CVE-2015-2939
John Menerick
CVE-2015-6729
Legoktm
CVE-2015-8007
CVE-2015-6727, CVE-2015-2941, CVE-2015-2940, CVE-2015-8007
Majr
CVE-2015-6737
MaxSem
CVE-2015-6733
CVE-2015-6734, CVE-2015-6733
McZusatz
CVE-2015-6735
DAU Huy Ngoc
CVE-2015-6734
Parent5446
CVE-2015-2936, CVE-2015-2935
Roan Kattouw (WMF)
CVE-2015-8625
CVE-2015-8625
RobinHood70
CVE-2015-8001
Richard Stanway
CVE-2015-8005, CVE-2015-8002
Sitic
CVE-2015-8009, CVE-2015-8008
Tgr (WMF)
CVE-2015-8624
CVE-2015-8624
Vituzzu
CVE-2015-8627
Xavier Combelle
CVE-2015-8628
^demon
CVE-2015-6736