Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/156837?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/156837?format=api", "purl": "pkg:composer/drupal/drupal@8.0-alpha12", "type": "composer", "namespace": "drupal", "name": "drupal", "version": "8.0-alpha12", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.2.11", "latest_non_vulnerable_version": "11.0.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10242?format=api", "vulnerability_id": "VCID-3hf4-tvxn-zyh4", "summary": "Files uploaded by anonymous users accessed by other users\nPrivate files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82674", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.8274", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82744", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82732", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82726", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.827", "published_at": 
"2026-04-07T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.82704", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01788", "scoring_system": "epss", "scoring_elements": "0.8269", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6922", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6922" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3897", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-3897" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "reference_url": "http://www.securityfocus.com/bid/99219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/99219" }, { "reference_url": "http://www.securitytracker.com/id/1038781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038781" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-58f3-cx8p-h8jg", "reference_id": "GHSA-58f3-cx8p-h8jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58f3-cx8p-h8jg" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/29923?format=api", "purl": "pkg:composer/drupal/drupal@8.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": 
"VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4" } ], "aliases": [ "CVE-2017-6922", "GHSA-58f3-cx8p-h8jg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hf4-tvxn-zyh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8826?format=api", "vulnerability_id": "VCID-48ut-ykkc-83fx", "summary": "Comment reply form allows access to restricted content\nUsers with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.", "references": [ { "reference_url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58547", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58437", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58512", "published_at": 
"2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58564", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58571", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58587", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58567", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6926" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6926", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6926" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-2p28-5mvp-2j2r", "reference_id": "GHSA-2p28-5mvp-2j2r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p28-5mvp-2j2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": 
"VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6926", "GHSA-2p28-5mvp-2j2r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48ut-ykkc-83fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7519?format=api", "vulnerability_id": "VCID-4wwt-vt76-dbe1", "summary": "Cross-site Scripting in HTTP exceptions\nAn attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. 
Drupal is not properly sanitizing an exception.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.6002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60045", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60068", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60079", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60065", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60015", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7571" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7571", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7571" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-004" }, { "reference_url": "http://www.securityfocus.com/bid/93101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/93101" }, { "reference_url": "http://www.securitytracker.com/id/1036886", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1036886" }, { "reference_url": "https://github.com/advisories/GHSA-vhg8-x858-7wq6", "reference_id": "GHSA-vhg8-x858-7wq6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vhg8-x858-7wq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23190?format=api", "purl": "pkg:composer/drupal/drupal@8.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" 
}, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10" } ], "aliases": [ "CVE-2016-7571", "GHSA-vhg8-x858-7wq6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wwt-vt76-dbe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10652?format=api", "vulnerability_id": "VCID-636u-5bdw-puh4", "summary": "Cross-site Scripting\nIn Symfony, validation messages are not escaped, which can lead to XSS when user input is included.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": 
"epss", "scoring_elements": "0.58747", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58814", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58736", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58768", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58663", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2" }, { "reference_url": "https://www.drupal.org/sa-core-2019-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-005" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10909" }, { "reference_url": "https://symfony.com/cve-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10909" }, { "reference_url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine", "reference_id": "CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine" }, { "reference_url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2", "reference_id": "GHSA-g996-q5r8-w7g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36482?format=api", "purl": "pkg:composer/drupal/drupal@8.5.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { 
"vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/36483?format=api", "purl": "pkg:composer/drupal/drupal@8.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15" } ], "aliases": [ "CVE-2019-10909", "GHSA-g996-q5r8-w7g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-636u-5bdw-puh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8827?format=api", "vulnerability_id": "VCID-9f24-vqyt-r7dq", "summary": "Language fallback can be incorrect on multilingual sites with node access restrictions\nWhen using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records(). 
Note that the update will mark the node access tables as needing a rebuild, which will take a long time on sites with a large number of nodes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.6218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62125", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62211", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62201", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6930" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6930", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6930" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "reference_url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930" }, { "reference_url": "https://github.com/advisories/GHSA-3327-jr93-7hq3", "reference_id": 
"GHSA-3327-jr93-7hq3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3327-jr93-7hq3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": 
"VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6930", "GHSA-3327-jr93-7hq3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f24-vqyt-r7dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9732?format=api", "vulnerability_id": "VCID-hzr8-ttbu-ebhg", "summary": "PECL YAML parser unsafe object handling\nPECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98509", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98518", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98516", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98515", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98511", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.66148", "scoring_system": "epss", "scoring_elements": "0.98507", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6920" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6920", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6920" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" }, { "reference_url": "https://www.drupal.org/SA-CORE-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "reference_url": "http://www.securityfocus.com/bid/99211", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/99211" }, { "reference_url": "http://www.securitytracker.com/id/1038781", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038781" }, { "reference_url": "https://github.com/advisories/GHSA-9c24-g32g-35rj", "reference_id": "GHSA-9c24-g32g-35rj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c24-g32g-35rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29923?format=api", "purl": "pkg:composer/drupal/drupal@8.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, 
{ "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4" } ], "aliases": [ "CVE-2017-6920", "GHSA-9c24-g32g-35rj" ], "risk_score": 4.5, "exploitability": 
"0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzr8-ttbu-ebhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8836?format=api", "vulnerability_id": "VCID-jnu7-1j9c-dqck", "summary": "JavaScript cross-site scripting prevention is incomplete\nDrupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80297", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.8035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80313", "published_at": "2026-04-07T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6927" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4123", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4123" }, { "reference_url": "https://www.drupal.org/sa-core-2018-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2018-001" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/SA-CORE-2018-001" }, { 
"reference_url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927" }, { "reference_url": "http://www.securityfocus.com/bid/103138", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103138" }, { "reference_url": "https://github.com/advisories/GHSA-585j-5449-mf5m", "reference_id": "GHSA-585j-5449-mf5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-585j-5449-mf5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26565?format=api", "purl": "pkg:composer/drupal/drupal@8.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { 
"vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5" } ], "aliases": [ "CVE-2017-6927", "GHSA-585j-5449-mf5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnu7-1j9c-dqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10220?format=api", "vulnerability_id": "VCID-krhy-kg1b-rfbk", "summary": "File REST resource does not properly validate\nThe file REST resource does not properly validate some fields when manipulating files. 
A site is only affected by this if the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64204", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64262", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64327", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64314", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64249", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6921" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6921", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6921" }, { "reference_url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" }, { "reference_url": 
"https://www.drupal.org/SA-CORE-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "reference_url": "http://www.securityfocus.com/bid/99222", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/99222" }, { "reference_url": "http://www.securitytracker.com/id/1038781", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038781" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-h377-287m-w2r9", "reference_id": "GHSA-h377-287m-w2r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h377-287m-w2r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29923?format=api", "purl": "pkg:composer/drupal/drupal@8.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": 
"VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-yare-57j9-j7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4" } ], "aliases": [ "CVE-2017-6921", "GHSA-h377-287m-w2r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krhy-kg1b-rfbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8893?format=api", "vulnerability_id": "VCID-nc36-atc6-yua6", "summary": "XSS Vulnerability\nCKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26993?format=api", "purl": "pkg:composer/drupal/drupal@8.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": 
"VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/26995?format=api", "purl": "pkg:composer/drupal/drupal@8.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-djgn-ezxp-37eu" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": 
"VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2" } ], "aliases": [ "SA-CORE-2018-003" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nc36-atc6-yua6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7558?format=api", "vulnerability_id": "VCID-sktb-khbq-cuaq", "summary": "Incorrect cache context on password reset page\nThe user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45439", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4546", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45365", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45452", "published_at": "2026-04-13T12:55:00Z" }, { "value": 
"0.00227", "scoring_system": "epss", "scoring_elements": "0.45451", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45459", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45405", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9450" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9450", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9450" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/ASA-201611-20", "reference_id": "ASA-201611-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-20" }, { "reference_url": "https://security.archlinux.org/AVG-74", "reference_id": "AVG-74", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-74" }, { "reference_url": "https://github.com/advisories/GHSA-98w5-wqp9-w466", "reference_id": "GHSA-98w5-wqp9-w466", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98w5-wqp9-w466" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23298?format=api", "purl": "pkg:composer/drupal/drupal@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { 
"vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": 
"VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3" } ], "aliases": [ "CVE-2016-9450", "GHSA-98w5-wqp9-w466" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sktb-khbq-cuaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7560?format=api", "vulnerability_id": "VCID-vy1y-zkf3-4ue4", "summary": "Denial of service via transliterate mechanism\nA specially crafted URL can cause a denial of service via the transliterate mechanism.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59356", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59374", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5939", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59371", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": 
"epss", "scoring_elements": "0.59343", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59245", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9452" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9452", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9452" }, { 
"reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/ASA-201611-20", "reference_id": "ASA-201611-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-20" }, { "reference_url": "https://security.archlinux.org/AVG-74", "reference_id": "AVG-74", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-74" }, { "reference_url": "https://github.com/advisories/GHSA-jpj8-49hr-wcwv", "reference_id": "GHSA-jpj8-49hr-wcwv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jpj8-49hr-wcwv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23298?format=api", "purl": "pkg:composer/drupal/drupal@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { 
"vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": 
"VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3" } ], "aliases": [ "CVE-2016-9452", "GHSA-jpj8-49hr-wcwv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy1y-zkf3-4ue4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7557?format=api", "vulnerability_id": "VCID-yrzt-3m97-53ce", "summary": "Unprivileged access to taxonomy terms\nModules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44011", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44027", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43989", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43991", 
"published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9449", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9449" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3718", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3718" }, { "reference_url": "http://www.securityfocus.com/bid/94367", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94367" }, { "reference_url": "https://security.archlinux.org/ASA-201611-20", "reference_id": "ASA-201611-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-20" }, { "reference_url": "https://security.archlinux.org/AVG-74", "reference_id": "AVG-74", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-74" }, { "reference_url": "https://github.com/advisories/GHSA-p745-347h-hjfw", "reference_id": "GHSA-p745-347h-hjfw", "reference_type": "", "scores": [ { "value": "MODERATE", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p745-347h-hjfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23298?format=api", "purl": "pkg:composer/drupal/drupal@8.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hpsp-5qtj-v7dq" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-m1ur-bb9m-m7d5" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { 
"vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3" } ], "aliases": [ "CVE-2016-9449", "GHSA-p745-347h-hjfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzt-3m97-53ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7514?format=api", "vulnerability_id": "VCID-yty5-zn46-r3dj", "summary": "Unprivileged access to \"Administer comments\"\nUsers who have rights to edit a node can set the visibility on comments for that node. 
This should be restricted to those who have the administer comments permission.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57143", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.5715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57099", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.571", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7570" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7570", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7570" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-004" }, { "reference_url": "http://www.securityfocus.com/bid/93101", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/93101" }, { "reference_url": "http://www.securitytracker.com/id/1036886", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1036886" }, { "reference_url": "https://github.com/advisories/GHSA-6g9h-6v79-w4pc", "reference_id": "GHSA-6g9h-6v79-w4pc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6g9h-6v79-w4pc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23190?format=api", "purl": "pkg:composer/drupal/drupal@8.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": "VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { 
"vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10" } ], "aliases": [ "CVE-2016-7570", "GHSA-6g9h-6v79-w4pc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yty5-zn46-r3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7517?format=api", "vulnerability_id": "VCID-zvtp-4we3-qygx", "summary": "Unprivileged access to config export\nThe `system.temporary` route allows the download of a full config export. 
The full config export should be limited to those with \"Export configuration\" permission.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48564", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48591", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48568", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4851", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48574", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4852", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7572" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7572", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7572" }, { "reference_url": "https://www.drupal.org/SA-CORE-2016-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2016-004" }, { "reference_url": "http://www.securityfocus.com/bid/93101", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/93101" }, { "reference_url": "http://www.securitytracker.com/id/1036886", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1036886" }, { "reference_url": "https://github.com/advisories/GHSA-fmqh-2j2x-vgp3", "reference_id": "GHSA-fmqh-2j2x-vgp3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fmqh-2j2x-vgp3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23190?format=api", "purl": "pkg:composer/drupal/drupal@8.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1922-fwnz-wkbt" }, { "vulnerability": "VCID-349d-w26k-mqfw" }, { "vulnerability": "VCID-3fka-y25d-m7a3" }, { "vulnerability": "VCID-3hf4-tvxn-zyh4" }, { "vulnerability": "VCID-48ut-ykkc-83fx" }, { "vulnerability": "VCID-4aer-46u2-23f6" }, { "vulnerability": "VCID-565p-mgqe-gkfc" }, { "vulnerability": "VCID-5tqs-qmqn-gug5" }, { "vulnerability": "VCID-636u-5bdw-puh4" }, { "vulnerability": "VCID-6ck5-9e5b-w3ay" }, { "vulnerability": "VCID-6m8x-cfzp-tkf4" }, { "vulnerability": "VCID-8nda-kjr2-ufd4" }, { "vulnerability": "VCID-9f24-vqyt-r7dq" }, { "vulnerability": "VCID-9vdz-1jpq-kue3" }, { "vulnerability": "VCID-bbzr-hbhv-yyee" }, { "vulnerability": "VCID-c9dm-17vt-4bbc" }, { "vulnerability": "VCID-cucx-jfqf-pkd1" }, { "vulnerability": "VCID-d4qd-ut89-gbf4" }, { "vulnerability": "VCID-dgjq-y5zj-cud1" }, { "vulnerability": "VCID-fm5k-u7s6-wfhb" }, { "vulnerability": "VCID-g1rp-twzp-63e1" }, { "vulnerability": "VCID-ga35-289v-vqhr" }, { "vulnerability": "VCID-gzcu-sbks-wyfa" }, { "vulnerability": "VCID-hzr8-ttbu-ebhg" }, { "vulnerability": "VCID-jfq8-xxwa-mkd1" }, { "vulnerability": "VCID-jnu7-1j9c-dqck" }, { "vulnerability": "VCID-k1gx-nznx-7qd6" }, { "vulnerability": "VCID-kh51-g4cv-tqaw" }, { "vulnerability": 
"VCID-krhy-kg1b-rfbk" }, { "vulnerability": "VCID-mapb-hsvc-2khc" }, { "vulnerability": "VCID-n119-gta2-kfg1" }, { "vulnerability": "VCID-n7un-zgqv-jfef" }, { "vulnerability": "VCID-nc36-atc6-yua6" }, { "vulnerability": "VCID-nd8n-5dsu-2fbp" }, { "vulnerability": "VCID-pk74-yy1n-8qck" }, { "vulnerability": "VCID-r8pv-9upr-y7gd" }, { "vulnerability": "VCID-rhj7-dy7q-jkhw" }, { "vulnerability": "VCID-rr4q-f5cv-nkah" }, { "vulnerability": "VCID-s9kv-9qfu-gbdq" }, { "vulnerability": "VCID-sktb-khbq-cuaq" }, { "vulnerability": "VCID-t84c-8r34-57b9" }, { "vulnerability": "VCID-ty3y-k9t2-qyba" }, { "vulnerability": "VCID-u1xx-aazv-bkg5" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-uqcw-p8g2-cfd2" }, { "vulnerability": "VCID-utyg-huhu-2ucq" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vq5y-hdw3-nucj" }, { "vulnerability": "VCID-vy1y-zkf3-4ue4" }, { "vulnerability": "VCID-w3q4-838v-97ck" }, { "vulnerability": "VCID-wbuz-qcp3-43aq" }, { "vulnerability": "VCID-wbvy-zrtk-audw" }, { "vulnerability": "VCID-ww44-hb2y-mfd5" }, { "vulnerability": "VCID-wwvq-399y-rfhc" }, { "vulnerability": "VCID-y74s-ghyc-2bhs" }, { "vulnerability": "VCID-yare-57j9-j7cs" }, { "vulnerability": "VCID-ymka-jfep-87gt" }, { "vulnerability": "VCID-yrzt-3m97-53ce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10" } ], "aliases": [ "CVE-2016-7572", "GHSA-fmqh-2j2x-vgp3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvtp-4we3-qygx" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0-alpha12" }