Every CVE whose affected-product data names Requarks Wiki.js, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2025-56643 — CVSS 9.1 (critical): Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued…
CVE-2026-44224 — CVSS 8.8 (high): Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array…
CVE-2020-15236 — CVSS 8.6 (high): In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache…
CVE-2021-43856 — CVSS 8.2 (high): Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file…
CVE-2021-43855 — CVSS 8.2 (high): Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload…
CVE-2022-23654 — CVSS 8.1 (high): Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can…
CVE-2021-21383 — CVSS 7.6 (high): Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through…
CVE-2021-43800 — CVSS 7.5 (high): Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage…
CVE-2022-1681 — CVSS 7.2 (high): Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user…
CVE-2020-11051 — CVSS 6.9 (medium): In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor…
CVE-2020-4052 — CVSS 6.3 (medium): In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure…
CVE-2020-15274 — CVSS 5.8 (medium): In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is…
CVE-2021-43842 — CVSS 5.4 (medium): Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG…
CVE-2021-25993 — CVSS 5.4 (medium): In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can…