Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@8.5.4
Typecomposer
Namespacedrupal
Namecore
Version8.5.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.9
Latest_non_vulnerable_version11.2.8
Affected_by_vulnerabilities
0
url VCID-349d-w26k-mqfw
vulnerability_id VCID-349d-w26k-mqfw
summary 
Moderately critical - Third-party libraries - SA-CORE-2019-007
The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
reference_id
reference_type
scores
0
value 0.09656
scoring_system epss
scoring_elements 0.92901
published_at 2026-04-13T12:55:00Z
1
value 0.09656
scoring_system epss
scoring_elements 0.929
published_at 2026-04-12T12:55:00Z
2
value 0.09656
scoring_system epss
scoring_elements 0.92902
published_at 2026-04-11T12:55:00Z
3
value 0.09656
scoring_system epss
scoring_elements 0.92897
published_at 2026-04-09T12:55:00Z
4
value 0.10327
scoring_system epss
scoring_elements 0.93164
published_at 2026-04-02T12:55:00Z
5
value 0.10327
scoring_system epss
scoring_elements 0.93155
published_at 2026-04-01T12:55:00Z
6
value 0.10327
scoring_system epss
scoring_elements 0.93175
published_at 2026-04-08T12:55:00Z
7
value 0.10327
scoring_system epss
scoring_elements 0.93167
published_at 2026-04-07T12:55:00Z
8
value 0.10327
scoring_system epss
scoring_elements 0.93168
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
5
reference_url https://github.com/TYPO3/phar-stream-wrapper
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper
6
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
7
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
8
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
33
reference_url https://seclists.org/bugtraq/2019/May/36
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/36
34
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-007
35
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-psa-2019-007/
36
reference_url https://www.debian.org/security/2019/dsa-4445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4445
37
reference_url https://www.drupal.org/sa-core-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-007
38
reference_url https://www.drupal.org/SA-CORE-2019-007
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2019-007
39
reference_url https://www.synology.com/security/advisory/Synology_SA_19_22
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_22
40
reference_url http://www.securityfocus.com/bid/108302
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108302
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
reference_id CVE-2019-11831
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
42
reference_url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
reference_id GHSA-xv7v-rf6g-xwrc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
fixed_packages
0
url pkg:composer/drupal/core@8.6.16
purl pkg:composer/drupal/core@8.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kh7-v1uc-wfha
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-77zc-1gc8-r7b7
4
vulnerability VCID-7fs3-gwc7-nkes
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-fwbj-ctxz-2bc6
11
vulnerability VCID-g33x-1paw-7udm
12
vulnerability VCID-hgb1-xrne-e7c8
13
vulnerability VCID-hwnd-nuv7-jqbh
14
vulnerability VCID-j21d-w3g7-cbcg
15
vulnerability VCID-jctf-yffu-hbag
16
vulnerability VCID-jrb8-jnz4-83c8
17
vulnerability VCID-k1gx-nznx-7qd6
18
vulnerability VCID-kam1-84p4-qych
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n119-gta2-kfg1
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-qvbt-7e55-4bg4
23
vulnerability VCID-st6v-ch5g-r7h2
24
vulnerability VCID-syrg-ckq7-cbd6
25
vulnerability VCID-u4w3-usvb-jyf6
26
vulnerability VCID-ummk-h11z-bkaj
27
vulnerability VCID-uqcw-p8g2-cfd2
28
vulnerability VCID-v9v6-ae3e-g3hk
29
vulnerability VCID-vevm-4sfk-f7gq
30
vulnerability VCID-vrdx-165p-efda
31
vulnerability VCID-w6cz-mg4v-3udj
32
vulnerability VCID-wbuz-qcp3-43aq
33
vulnerability VCID-ww44-hb2y-mfd5
34
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.16
1
url pkg:composer/drupal/core@8.7.1
purl pkg:composer/drupal/core@8.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-5618-53yg-8qh4
2
vulnerability VCID-5kh7-v1uc-wfha
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-7fs3-gwc7-nkes
7
vulnerability VCID-9ss3-mvt3-8bem
8
vulnerability VCID-bbzr-hbhv-yyee
9
vulnerability VCID-bkxp-gn34-67av
10
vulnerability VCID-cvxp-ctj9-guej
11
vulnerability VCID-dgjq-y5zj-cud1
12
vulnerability VCID-ed6y-c9tz-mbds
13
vulnerability VCID-fwbj-ctxz-2bc6
14
vulnerability VCID-g33x-1paw-7udm
15
vulnerability VCID-hgb1-xrne-e7c8
16
vulnerability VCID-hwnd-nuv7-jqbh
17
vulnerability VCID-j21d-w3g7-cbcg
18
vulnerability VCID-jctf-yffu-hbag
19
vulnerability VCID-jrb8-jnz4-83c8
20
vulnerability VCID-k1gx-nznx-7qd6
21
vulnerability VCID-kam1-84p4-qych
22
vulnerability VCID-mapb-hsvc-2khc
23
vulnerability VCID-n119-gta2-kfg1
24
vulnerability VCID-n7un-zgqv-jfef
25
vulnerability VCID-nj3a-eb59-jygs
26
vulnerability VCID-qvbt-7e55-4bg4
27
vulnerability VCID-st6v-ch5g-r7h2
28
vulnerability VCID-syrg-ckq7-cbd6
29
vulnerability VCID-u4w3-usvb-jyf6
30
vulnerability VCID-ummk-h11z-bkaj
31
vulnerability VCID-uqcw-p8g2-cfd2
32
vulnerability VCID-v9v6-ae3e-g3hk
33
vulnerability VCID-vevm-4sfk-f7gq
34
vulnerability VCID-vrdx-165p-efda
35
vulnerability VCID-w6cz-mg4v-3udj
36
vulnerability VCID-wbuz-qcp3-43aq
37
vulnerability VCID-ww44-hb2y-mfd5
38
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1
aliases CVE-2019-11831, GHSA-xv7v-rf6g-xwrc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-349d-w26k-mqfw
1
url VCID-3fka-y25d-m7a3
vulnerability_id VCID-3fka-y25d-m7a3
summary 
Improper Input Validation
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6339
reference_id
reference_type
scores
0
value 0.76091
scoring_system epss
scoring_elements 0.98913
published_at 2026-04-02T12:55:00Z
1
value 0.76091
scoring_system epss
scoring_elements 0.98921
published_at 2026-04-13T12:55:00Z
2
value 0.76091
scoring_system epss
scoring_elements 0.9892
published_at 2026-04-11T12:55:00Z
3
value 0.76091
scoring_system epss
scoring_elements 0.98918
published_at 2026-04-09T12:55:00Z
4
value 0.76091
scoring_system epss
scoring_elements 0.98919
published_at 2026-04-08T12:55:00Z
5
value 0.76091
scoring_system epss
scoring_elements 0.98917
published_at 2026-04-07T12:55:00Z
6
value 0.76091
scoring_system epss
scoring_elements 0.98912
published_at 2026-04-01T12:55:00Z
7
value 0.76091
scoring_system epss
scoring_elements 0.98915
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6339
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml
5
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6339
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6339
7
reference_url https://www.debian.org/security/2019/dsa-4370
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4370
8
reference_url https://www.drupal.org/sa-core-2019-002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-002
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
12
reference_url https://github.com/advisories/GHSA-8cw5-rv98-5c46
reference_id GHSA-8cw5-rv98-5c46
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8cw5-rv98-5c46
fixed_packages
0
url pkg:composer/drupal/core@8.5.9
purl pkg:composer/drupal/core@8.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.9
1
url pkg:composer/drupal/core@8.6.6
purl pkg:composer/drupal/core@8.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3s9f-prpy-hbcx
2
vulnerability VCID-565p-mgqe-gkfc
3
vulnerability VCID-5kh7-v1uc-wfha
4
vulnerability VCID-636u-5bdw-puh4
5
vulnerability VCID-6ck5-9e5b-w3ay
6
vulnerability VCID-6m8x-cfzp-tkf4
7
vulnerability VCID-77zc-1gc8-r7b7
8
vulnerability VCID-7fs3-gwc7-nkes
9
vulnerability VCID-9ss3-mvt3-8bem
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-dgjq-y5zj-cud1
13
vulnerability VCID-djgn-ezxp-37eu
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-hgb1-xrne-e7c8
18
vulnerability VCID-hwnd-nuv7-jqbh
19
vulnerability VCID-j21d-w3g7-cbcg
20
vulnerability VCID-jctf-yffu-hbag
21
vulnerability VCID-jrb8-jnz4-83c8
22
vulnerability VCID-k1gx-nznx-7qd6
23
vulnerability VCID-kam1-84p4-qych
24
vulnerability VCID-mapb-hsvc-2khc
25
vulnerability VCID-n119-gta2-kfg1
26
vulnerability VCID-n7un-zgqv-jfef
27
vulnerability VCID-qvbt-7e55-4bg4
28
vulnerability VCID-rhj7-dy7q-jkhw
29
vulnerability VCID-st6v-ch5g-r7h2
30
vulnerability VCID-syrg-ckq7-cbd6
31
vulnerability VCID-u4w3-usvb-jyf6
32
vulnerability VCID-ummk-h11z-bkaj
33
vulnerability VCID-uqcw-p8g2-cfd2
34
vulnerability VCID-v9v6-ae3e-g3hk
35
vulnerability VCID-vevm-4sfk-f7gq
36
vulnerability VCID-vrdx-165p-efda
37
vulnerability VCID-w6cz-mg4v-3udj
38
vulnerability VCID-wbuz-qcp3-43aq
39
vulnerability VCID-ww44-hb2y-mfd5
40
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6
aliases CVE-2019-6339, GHSA-8cw5-rv98-5c46
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3fka-y25d-m7a3
2
url VCID-3s9f-prpy-hbcx
vulnerability_id VCID-3s9f-prpy-hbcx
summary 
Cross-site Scripting
The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
3
reference_url http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
4
reference_url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
5
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHBA-2019:1570
6
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:1456
7
reference_url https://access.redhat.com/errata/RHSA-2019:2587
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:2587
8
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:3023
9
reference_url https://access.redhat.com/errata/RHSA-2019:3024
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:3024
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11358
reference_id
reference_type
scores
0
value 0.01856
scoring_system epss
scoring_elements 0.83035
published_at 2026-04-11T12:55:00Z
1
value 0.01856
scoring_system epss
scoring_elements 0.83024
published_at 2026-04-13T12:55:00Z
2
value 0.01856
scoring_system epss
scoring_elements 0.83028
published_at 2026-04-12T12:55:00Z
3
value 0.01856
scoring_system epss
scoring_elements 0.8302
published_at 2026-04-09T12:55:00Z
4
value 0.01856
scoring_system epss
scoring_elements 0.83012
published_at 2026-04-08T12:55:00Z
5
value 0.01856
scoring_system epss
scoring_elements 0.82988
published_at 2026-04-07T12:55:00Z
6
value 0.01856
scoring_system epss
scoring_elements 0.8299
published_at 2026-04-04T12:55:00Z
7
value 0.02717
scoring_system epss
scoring_elements 0.85871
published_at 2026-04-02T12:55:00Z
8
value 0.02717
scoring_system epss
scoring_elements 0.8586
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11358
12
reference_url https://backdropcms.org/security/backdrop-sa-core-2019-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://backdropcms.org/security/backdrop-sa-core-2019-009
13
reference_url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released
14
reference_url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
25
reference_url http://seclists.org/fulldisclosure/2019/May/10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://seclists.org/fulldisclosure/2019/May/10
26
reference_url http://seclists.org/fulldisclosure/2019/May/11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://seclists.org/fulldisclosure/2019/May/11
27
reference_url http://seclists.org/fulldisclosure/2019/May/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://seclists.org/fulldisclosure/2019/May/13
28
reference_url https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f
29
reference_url https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829
30
reference_url https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad
31
reference_url https://github.com/jquery/jquery
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery
32
reference_url https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
33
reference_url https://github.com/jquery/jquery/pull/4333
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://github.com/jquery/jquery/pull/4333
34
reference_url https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
35
reference_url https://github.com/maximebf/php-debugbar/issues/447
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/maximebf/php-debugbar/issues/447
36
reference_url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434
37
reference_url https://hackerone.com/reports/454365
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements
url https://hackerone.com/reports/454365
38
reference_url https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
39
reference_url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
49
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
50
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
51
reference_url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
52
reference_url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
54
reference_url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
55
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
58
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
59
reference_url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E
60
reference_url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
61
reference_url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E
62
reference_url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
63
reference_url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E
64
reference_url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
65
reference_url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E
66
reference_url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
67
reference_url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E
68
reference_url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
69
reference_url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E
70
reference_url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
71
reference_url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E
72
reference_url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
73
reference_url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E
74
reference_url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
75
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
76
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
77
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
78
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
79
reference_url https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
80
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
81
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
82
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
83
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
84
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
85
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
86
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
87
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
88
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
89
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
90
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
91
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
92
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
93
reference_url https://seclists.org/bugtraq/2019/Apr/32
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://seclists.org/bugtraq/2019/Apr/32
94
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://seclists.org/bugtraq/2019/Jun/12
95
reference_url https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://seclists.org/bugtraq/2019/May/18
96
reference_url https://security.netapp.com/advisory/ntap-20190919-0001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190919-0001
97
reference_url https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226
98
reference_url https://snyk.io/vuln/SNYK-JS-JQUERY-174006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://snyk.io/vuln/SNYK-JS-JQUERY-174006
99
reference_url https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
100
reference_url https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023
101
reference_url https://www.debian.org/security/2019/dsa-4434
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.debian.org/security/2019/dsa-4434
102
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.debian.org/security/2019/dsa-4460
103
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
104
reference_url https://www.drupal.org/sa-core-2019-006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.drupal.org/sa-core-2019-006
105
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuapr2020.html
106
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
107
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujan2020.html
108
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
109
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
110
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
111
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
112
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuoct2020.html
113
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
114
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
115
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
116
reference_url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery
117
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.synology.com/security/advisory/Synology_SA_19_19
118
reference_url https://www.tenable.com/security/tns-2019-08
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.tenable.com/security/tns-2019-08
119
reference_url https://www.tenable.com/security/tns-2020-02
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.tenable.com/security/tns-2020-02
120
reference_url http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://www.openwall.com/lists/oss-security/2019/06/03/2
121
reference_url http://www.securityfocus.com/bid/108023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://www.securityfocus.com/bid/108023
122
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1701972
reference_id 1701972
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1701972
123
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json
reference_id 496
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json
124
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
reference_id 4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
125
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
reference_id 5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
126
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466
reference_id 927466
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466
127
reference_url https://security.archlinux.org/ASA-201906-2
reference_id ASA-201906-2
reference_type
scores
url https://security.archlinux.org/ASA-201906-2
128
reference_url https://security.archlinux.org/AVG-969
reference_id AVG-969
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-969
129
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11358
reference_id CVE-2019-11358
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11358
130
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml
reference_id CVE-2019-11358.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml
131
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt
reference_id CVE-2020-7656;CVE-2019-11358
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt
132
reference_url https://github.com/advisories/GHSA-6c3j-c64m-qhgq
reference_id GHSA-6c3j-c64m-qhgq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6c3j-c64m-qhgq
133
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
reference_id KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
134
reference_url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
reference_id mitigating-cve-2019-11358-in-old-versions-of-jquery
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
135
reference_url https://security.netapp.com/advisory/ntap-20190919-0001/
reference_id ntap-20190919-0001
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://security.netapp.com/advisory/ntap-20190919-0001/
136
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
reference_id QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
137
reference_url https://access.redhat.com/errata/RHSA-2020:1325
reference_id RHSA-2020:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1325
138
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
139
reference_url https://access.redhat.com/errata/RHSA-2020:3936
reference_id RHSA-2020:3936
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3936
140
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
141
reference_url https://access.redhat.com/errata/RHSA-2020:4670
reference_id RHSA-2020:4670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4670
142
reference_url https://access.redhat.com/errata/RHSA-2020:4847
reference_id RHSA-2020:4847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4847
143
reference_url https://access.redhat.com/errata/RHSA-2020:5581
reference_id RHSA-2020:5581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5581
144
reference_url https://access.redhat.com/errata/RHSA-2021:4142
reference_id RHSA-2021:4142
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4142
145
reference_url https://access.redhat.com/errata/RHSA-2022:7343
reference_id RHSA-2022:7343
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7343
146
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
147
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
148
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
149
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
150
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
reference_id RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
151
reference_url https://usn.ubuntu.com/7622-1/
reference_id USN-7622-1
reference_type
scores
url https://usn.ubuntu.com/7622-1/
152
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
reference_id WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
fixed_packages
0
url pkg:composer/drupal/core@8.5.15
purl pkg:composer/drupal/core@8.5.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-5kh7-v1uc-wfha
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-7fs3-gwc7-nkes
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-st6v-ch5g-r7h2
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
35
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.15
1
url pkg:composer/drupal/core@8.6.15
purl pkg:composer/drupal/core@8.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-5kh7-v1uc-wfha
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-7fs3-gwc7-nkes
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-st6v-ch5g-r7h2
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
35
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15
aliases CVE-2019-11358, GHSA-6c3j-c64m-qhgq
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3s9f-prpy-hbcx
3
url VCID-3sr6-86jw-6fb9
vulnerability_id VCID-3sr6-86jw-6fb9
summary 
Drupal External URL injection through URL aliases leading to Open Redirect
The path module in Drupal allows users with the 'administer paths' to create pretty URLs for content.
In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-2.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-2.yaml
2
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-006
3
reference_url https://github.com/advisories/GHSA-7f4f-p7mq-p4fv
reference_id GHSA-7f4f-p7mq-p4fv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f4f-p7mq-p4fv
fixed_packages
0
url pkg:composer/drupal/core@8.5.8
purl pkg:composer/drupal/core@8.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-djgn-ezxp-37eu
17
vulnerability VCID-ed6y-c9tz-mbds
18
vulnerability VCID-fwbj-ctxz-2bc6
19
vulnerability VCID-g33x-1paw-7udm
20
vulnerability VCID-gzcu-sbks-wyfa
21
vulnerability VCID-hgb1-xrne-e7c8
22
vulnerability VCID-hwnd-nuv7-jqbh
23
vulnerability VCID-j21d-w3g7-cbcg
24
vulnerability VCID-jctf-yffu-hbag
25
vulnerability VCID-jrb8-jnz4-83c8
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kam1-84p4-qych
28
vulnerability VCID-mapb-hsvc-2khc
29
vulnerability VCID-n119-gta2-kfg1
30
vulnerability VCID-n7un-zgqv-jfef
31
vulnerability VCID-nd8n-5dsu-2fbp
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rhj7-dy7q-jkhw
34
vulnerability VCID-rr4q-f5cv-nkah
35
vulnerability VCID-st6v-ch5g-r7h2
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u1xx-aazv-bkg5
38
vulnerability VCID-u4w3-usvb-jyf6
39
vulnerability VCID-ummk-h11z-bkaj
40
vulnerability VCID-uqcw-p8g2-cfd2
41
vulnerability VCID-v9v6-ae3e-g3hk
42
vulnerability VCID-vevm-4sfk-f7gq
43
vulnerability VCID-vrdx-165p-efda
44
vulnerability VCID-w6cz-mg4v-3udj
45
vulnerability VCID-wbuz-qcp3-43aq
46
vulnerability VCID-ww44-hb2y-mfd5
47
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.8
1
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GHSA-7f4f-p7mq-p4fv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sr6-86jw-6fb9
4
url VCID-565p-mgqe-gkfc
vulnerability_id VCID-565p-mgqe-gkfc
summary Cross-site Scripting vulnerability in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2019-004
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2019-004
fixed_packages
0
url pkg:composer/drupal/core@8.6.12
purl pkg:composer/drupal/core@8.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3s9f-prpy-hbcx
2
vulnerability VCID-5kh7-v1uc-wfha
3
vulnerability VCID-636u-5bdw-puh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-7fs3-gwc7-nkes
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-bbzr-hbhv-yyee
10
vulnerability VCID-bkxp-gn34-67av
11
vulnerability VCID-dgjq-y5zj-cud1
12
vulnerability VCID-djgn-ezxp-37eu
13
vulnerability VCID-ed6y-c9tz-mbds
14
vulnerability VCID-fwbj-ctxz-2bc6
15
vulnerability VCID-g33x-1paw-7udm
16
vulnerability VCID-hgb1-xrne-e7c8
17
vulnerability VCID-hwnd-nuv7-jqbh
18
vulnerability VCID-j21d-w3g7-cbcg
19
vulnerability VCID-jctf-yffu-hbag
20
vulnerability VCID-jrb8-jnz4-83c8
21
vulnerability VCID-k1gx-nznx-7qd6
22
vulnerability VCID-kam1-84p4-qych
23
vulnerability VCID-mapb-hsvc-2khc
24
vulnerability VCID-n119-gta2-kfg1
25
vulnerability VCID-n7un-zgqv-jfef
26
vulnerability VCID-qvbt-7e55-4bg4
27
vulnerability VCID-st6v-ch5g-r7h2
28
vulnerability VCID-syrg-ckq7-cbd6
29
vulnerability VCID-u4w3-usvb-jyf6
30
vulnerability VCID-ummk-h11z-bkaj
31
vulnerability VCID-uqcw-p8g2-cfd2
32
vulnerability VCID-v9v6-ae3e-g3hk
33
vulnerability VCID-vevm-4sfk-f7gq
34
vulnerability VCID-vrdx-165p-efda
35
vulnerability VCID-w6cz-mg4v-3udj
36
vulnerability VCID-wbuz-qcp3-43aq
37
vulnerability VCID-ww44-hb2y-mfd5
38
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.12
aliases 2019-03-20
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-565p-mgqe-gkfc
5
url VCID-5kh7-v1uc-wfha
vulnerability_id VCID-5kh7-v1uc-wfha
summary 
Drupal core unrestricted file upload
Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.

Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file.

After this fix, file_save_upload() now trims leading and trailing dots from filenames.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-2.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-2.yaml
2
reference_url https://www.drupal.org/sa-core-2019-010
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-010
3
reference_url https://github.com/advisories/GHSA-7gwj-7fhm-vw4w
reference_id GHSA-7gwj-7fhm-vw4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gwj-7fhm-vw4w
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-5618-53yg-8qh4
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-cvxp-ctj9-guej
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-nj3a-eb59-jygs
24
vulnerability VCID-qvbt-7e55-4bg4
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-5618-53yg-8qh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-9qyz-jfgb-5yfs
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-agtf-c53h-2fdx
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-cvxp-ctj9-guej
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-gbz5-5frj-hber
18
vulnerability VCID-hgb1-xrne-e7c8
19
vulnerability VCID-hwnd-nuv7-jqbh
20
vulnerability VCID-j21d-w3g7-cbcg
21
vulnerability VCID-jctf-yffu-hbag
22
vulnerability VCID-jrb8-jnz4-83c8
23
vulnerability VCID-k1gx-nznx-7qd6
24
vulnerability VCID-kam1-84p4-qych
25
vulnerability VCID-mapb-hsvc-2khc
26
vulnerability VCID-mhk6-9qdy-83f3
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-nj3a-eb59-jygs
30
vulnerability VCID-ptxz-rvbt-hqhz
31
vulnerability VCID-q4qx-7s1y-q3hc
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rdgr-yuu7-xkey
34
vulnerability VCID-rxhd-nkpr-87fm
35
vulnerability VCID-ssyn-dxp9-3kdq
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u4w3-usvb-jyf6
38
vulnerability VCID-ummk-h11z-bkaj
39
vulnerability VCID-uqcw-p8g2-cfd2
40
vulnerability VCID-v9v6-ae3e-g3hk
41
vulnerability VCID-vevm-4sfk-f7gq
42
vulnerability VCID-vrdx-165p-efda
43
vulnerability VCID-w6cz-mg4v-3udj
44
vulnerability VCID-wbuz-qcp3-43aq
45
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-7gwj-7fhm-vw4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kh7-v1uc-wfha
6
url VCID-636u-5bdw-puh4
vulnerability_id VCID-636u-5bdw-puh4
summary 
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.58747
published_at 2026-04-02T12:55:00Z
1
value 0.00369
scoring_system epss
scoring_elements 0.58776
published_at 2026-04-13T12:55:00Z
2
value 0.00369
scoring_system epss
scoring_elements 0.58814
published_at 2026-04-11T12:55:00Z
3
value 0.00369
scoring_system epss
scoring_elements 0.58795
published_at 2026-04-12T12:55:00Z
4
value 0.00369
scoring_system epss
scoring_elements 0.58788
published_at 2026-04-08T12:55:00Z
5
value 0.00369
scoring_system epss
scoring_elements 0.58736
published_at 2026-04-07T12:55:00Z
6
value 0.00369
scoring_system epss
scoring_elements 0.58768
published_at 2026-04-04T12:55:00Z
7
value 0.00369
scoring_system epss
scoring_elements 0.58663
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
13
reference_url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
14
reference_url https://www.drupal.org/sa-core-2019-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-005
15
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
17
reference_url https://symfony.com/cve-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10909
18
reference_url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
reference_id CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
19
reference_url https://github.com/advisories/GHSA-g996-q5r8-w7g2
reference_id GHSA-g996-q5r8-w7g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g996-q5r8-w7g2
fixed_packages
0
url pkg:composer/drupal/core@8.5.15
purl pkg:composer/drupal/core@8.5.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-5kh7-v1uc-wfha
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-7fs3-gwc7-nkes
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-st6v-ch5g-r7h2
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
35
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.15
1
url pkg:composer/drupal/core@8.6.15
purl pkg:composer/drupal/core@8.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-5kh7-v1uc-wfha
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-7fs3-gwc7-nkes
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-st6v-ch5g-r7h2
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
35
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15
aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-636u-5bdw-puh4
7
url VCID-6ck5-9e5b-w3ay
vulnerability_id VCID-6ck5-9e5b-w3ay
summary 
Improper access control
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59084
published_at 2026-04-02T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59071
published_at 2026-04-07T12:55:00Z
2
value 0.00375
scoring_system epss
scoring_elements 0.59107
published_at 2026-04-13T12:55:00Z
3
value 0.00375
scoring_system epss
scoring_elements 0.59144
published_at 2026-04-11T12:55:00Z
4
value 0.00375
scoring_system epss
scoring_elements 0.59126
published_at 2026-04-12T12:55:00Z
5
value 0.00375
scoring_system epss
scoring_elements 0.59123
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
3
reference_url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
4
reference_url https://www.drupal.org/sa-core-2022-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/
url https://www.drupal.org/sa-core-2022-012
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
reference_id CVE-2022-25275
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
reference_id CVE-2022-25275.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
7
reference_url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
reference_id GHSA-xh3v-6f9j-wxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ck5-9e5b-w3ay
8
url VCID-6m8x-cfzp-tkf4
vulnerability_id VCID-6m8x-cfzp-tkf4
summary 
Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 0.04504
scoring_system epss
scoring_elements 0.89078
published_at 2026-04-01T12:55:00Z
1
value 0.04504
scoring_system epss
scoring_elements 0.89133
published_at 2026-04-13T12:55:00Z
2
value 0.04504
scoring_system epss
scoring_elements 0.89135
published_at 2026-04-12T12:55:00Z
3
value 0.04504
scoring_system epss
scoring_elements 0.89138
published_at 2026-04-11T12:55:00Z
4
value 0.04504
scoring_system epss
scoring_elements 0.89127
published_at 2026-04-09T12:55:00Z
5
value 0.04504
scoring_system epss
scoring_elements 0.89122
published_at 2026-04-08T12:55:00Z
6
value 0.04504
scoring_system epss
scoring_elements 0.89105
published_at 2026-04-07T12:55:00Z
7
value 0.04504
scoring_system epss
scoring_elements 0.89102
published_at 2026-04-04T12:55:00Z
8
value 0.04504
scoring_system epss
scoring_elements 0.89087
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
7
reference_url https://www.drupal.org/sa-core-2020-012
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://www.drupal.org/sa-core-2020-012
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
reference_id CVE-2020-13671
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
12
reference_url https://github.com/advisories/GHSA-68jc-v27h-vhmw
reference_id GHSA-68jc-v27h-vhmw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68jc-v27h-vhmw
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
14
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
15
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.8.11
purl pkg:composer/drupal/core@8.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-fwbj-ctxz-2bc6
11
vulnerability VCID-g33x-1paw-7udm
12
vulnerability VCID-gbz5-5frj-hber
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-k1gx-nznx-7qd6
18
vulnerability VCID-kam1-84p4-qych
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n7un-zgqv-jfef
21
vulnerability VCID-q4qx-7s1y-q3hc
22
vulnerability VCID-qvbt-7e55-4bg4
23
vulnerability VCID-rdgr-yuu7-xkey
24
vulnerability VCID-syrg-ckq7-cbd6
25
vulnerability VCID-u4w3-usvb-jyf6
26
vulnerability VCID-ummk-h11z-bkaj
27
vulnerability VCID-v9v6-ae3e-g3hk
28
vulnerability VCID-vevm-4sfk-f7gq
29
vulnerability VCID-vrdx-165p-efda
30
vulnerability VCID-w6cz-mg4v-3udj
31
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.11
1
url pkg:composer/drupal/core@8.9.9
purl pkg:composer/drupal/core@8.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-fwbj-ctxz-2bc6
11
vulnerability VCID-g33x-1paw-7udm
12
vulnerability VCID-gbz5-5frj-hber
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-k1gx-nznx-7qd6
18
vulnerability VCID-kam1-84p4-qych
19
vulnerability VCID-kc7d-5k6x-77bp
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-q4qx-7s1y-q3hc
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-rdgr-yuu7-xkey
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-v9v6-ae3e-g3hk
29
vulnerability VCID-vevm-4sfk-f7gq
30
vulnerability VCID-vrdx-165p-efda
31
vulnerability VCID-w6cz-mg4v-3udj
32
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9
2
url pkg:composer/drupal/core@9.0.8
purl pkg:composer/drupal/core@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-9ss3-mvt3-8bem
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bk92-66re-dkc5
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-ed6y-c9tz-mbds
9
vulnerability VCID-g33x-1paw-7udm
10
vulnerability VCID-gbz5-5frj-hber
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-k1gx-nznx-7qd6
16
vulnerability VCID-kam1-84p4-qych
17
vulnerability VCID-kc7d-5k6x-77bp
18
vulnerability VCID-mapb-hsvc-2khc
19
vulnerability VCID-n7un-zgqv-jfef
20
vulnerability VCID-q4qx-7s1y-q3hc
21
vulnerability VCID-rdgr-yuu7-xkey
22
vulnerability VCID-syrg-ckq7-cbd6
23
vulnerability VCID-u4w3-usvb-jyf6
24
vulnerability VCID-ummk-h11z-bkaj
25
vulnerability VCID-v9v6-ae3e-g3hk
26
vulnerability VCID-vevm-4sfk-f7gq
27
vulnerability VCID-vrdx-165p-efda
28
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8
aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6m8x-cfzp-tkf4
9
url VCID-77zc-1gc8-r7b7
vulnerability_id VCID-77zc-1gc8-r7b7
summary 
Unrestricted Upload of File with Dangerous Type
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
reference_id
reference_type
scores
0
value 0.00797
scoring_system epss
scoring_elements 0.73981
published_at 2026-04-04T12:55:00Z
1
value 0.00797
scoring_system epss
scoring_elements 0.73955
published_at 2026-04-02T12:55:00Z
2
value 0.00797
scoring_system epss
scoring_elements 0.73951
published_at 2026-04-07T12:55:00Z
3
value 0.00797
scoring_system epss
scoring_elements 0.73996
published_at 2026-04-13T12:55:00Z
4
value 0.00797
scoring_system epss
scoring_elements 0.74003
published_at 2026-04-12T12:55:00Z
5
value 0.00797
scoring_system epss
scoring_elements 0.74021
published_at 2026-04-11T12:55:00Z
6
value 0.00797
scoring_system epss
scoring_elements 0.73999
published_at 2026-04-09T12:55:00Z
7
value 0.00797
scoring_system epss
scoring_elements 0.73948
published_at 2026-04-01T12:55:00Z
8
value 0.00797
scoring_system epss
scoring_elements 0.73986
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-008
3
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
reference_id CVE-2020-13675
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
5
reference_url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
reference_id GHSA-v8wr-r69p-mmwx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-ed6y-c9tz-mbds
7
vulnerability VCID-g33x-1paw-7udm
8
vulnerability VCID-hgb1-xrne-e7c8
9
vulnerability VCID-hwnd-nuv7-jqbh
10
vulnerability VCID-j21d-w3g7-cbcg
11
vulnerability VCID-jctf-yffu-hbag
12
vulnerability VCID-kam1-84p4-qych
13
vulnerability VCID-mapb-hsvc-2khc
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-q4qx-7s1y-q3hc
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-syrg-ckq7-cbd6
18
vulnerability VCID-u4w3-usvb-jyf6
19
vulnerability VCID-ummk-h11z-bkaj
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-vrdx-165p-efda
22
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
23
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-b4yh-gyrx-3yhh
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-kam1-84p4-qych
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
25
vulnerability VCID-wbuz-qcp3-43aq
26
vulnerability VCID-zw3u-6ue7-efdf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13675, GHSA-v8wr-r69p-mmwx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77zc-1gc8-r7b7
10
url VCID-7fs3-gwc7-nkes
vulnerability_id VCID-7fs3-gwc7-nkes
summary 
Drupal core Denial of Service
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-1.yaml
2
reference_url https://www.drupal.org/sa-core-2019-009
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-009
3
reference_url https://github.com/advisories/GHSA-pr99-c33p-fwf6
reference_id GHSA-pr99-c33p-fwf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr99-c33p-fwf6
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-5618-53yg-8qh4
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-cvxp-ctj9-guej
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-nj3a-eb59-jygs
24
vulnerability VCID-qvbt-7e55-4bg4
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-5618-53yg-8qh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-9qyz-jfgb-5yfs
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-agtf-c53h-2fdx
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-cvxp-ctj9-guej
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-gbz5-5frj-hber
18
vulnerability VCID-hgb1-xrne-e7c8
19
vulnerability VCID-hwnd-nuv7-jqbh
20
vulnerability VCID-j21d-w3g7-cbcg
21
vulnerability VCID-jctf-yffu-hbag
22
vulnerability VCID-jrb8-jnz4-83c8
23
vulnerability VCID-k1gx-nznx-7qd6
24
vulnerability VCID-kam1-84p4-qych
25
vulnerability VCID-mapb-hsvc-2khc
26
vulnerability VCID-mhk6-9qdy-83f3
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-nj3a-eb59-jygs
30
vulnerability VCID-ptxz-rvbt-hqhz
31
vulnerability VCID-q4qx-7s1y-q3hc
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rdgr-yuu7-xkey
34
vulnerability VCID-rxhd-nkpr-87fm
35
vulnerability VCID-ssyn-dxp9-3kdq
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u4w3-usvb-jyf6
38
vulnerability VCID-ummk-h11z-bkaj
39
vulnerability VCID-uqcw-p8g2-cfd2
40
vulnerability VCID-v9v6-ae3e-g3hk
41
vulnerability VCID-vevm-4sfk-f7gq
42
vulnerability VCID-vrdx-165p-efda
43
vulnerability VCID-w6cz-mg4v-3udj
44
vulnerability VCID-wbuz-qcp3-43aq
45
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-pr99-c33p-fwf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7fs3-gwc7-nkes
11
url VCID-9ss3-mvt3-8bem
vulnerability_id VCID-9ss3-mvt3-8bem
summary 
Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
CVE-2020-28948
CVE-2020-28949

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml
2
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
3
reference_url https://github.com/advisories/GHSA-gxxj-g9v8-w28p
reference_id GHSA-gxxj-g9v8-w28p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxxj-g9v8-w28p
fixed_packages
0
url pkg:composer/drupal/core@8.8.12
purl pkg:composer/drupal/core@8.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bkxp-gn34-67av
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-ed6y-c9tz-mbds
9
vulnerability VCID-fwbj-ctxz-2bc6
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-k1gx-nznx-7qd6
16
vulnerability VCID-kam1-84p4-qych
17
vulnerability VCID-mapb-hsvc-2khc
18
vulnerability VCID-n7un-zgqv-jfef
19
vulnerability VCID-q4qx-7s1y-q3hc
20
vulnerability VCID-qvbt-7e55-4bg4
21
vulnerability VCID-rdgr-yuu7-xkey
22
vulnerability VCID-syrg-ckq7-cbd6
23
vulnerability VCID-u4w3-usvb-jyf6
24
vulnerability VCID-ummk-h11z-bkaj
25
vulnerability VCID-vevm-4sfk-f7gq
26
vulnerability VCID-vrdx-165p-efda
27
vulnerability VCID-w6cz-mg4v-3udj
28
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.12
1
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bkxp-gn34-67av
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-ed6y-c9tz-mbds
9
vulnerability VCID-fwbj-ctxz-2bc6
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-k1gx-nznx-7qd6
16
vulnerability VCID-kam1-84p4-qych
17
vulnerability VCID-kc7d-5k6x-77bp
18
vulnerability VCID-mapb-hsvc-2khc
19
vulnerability VCID-n7un-zgqv-jfef
20
vulnerability VCID-q4qx-7s1y-q3hc
21
vulnerability VCID-qvbt-7e55-4bg4
22
vulnerability VCID-rdgr-yuu7-xkey
23
vulnerability VCID-syrg-ckq7-cbd6
24
vulnerability VCID-u4w3-usvb-jyf6
25
vulnerability VCID-ummk-h11z-bkaj
26
vulnerability VCID-vevm-4sfk-f7gq
27
vulnerability VCID-vrdx-165p-efda
28
vulnerability VCID-w6cz-mg4v-3udj
29
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-k1gx-nznx-7qd6
14
vulnerability VCID-kam1-84p4-qych
15
vulnerability VCID-kc7d-5k6x-77bp
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
25
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
aliases GHSA-gxxj-g9v8-w28p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ss3-mvt3-8bem
12
url VCID-bbzr-hbhv-yyee
vulnerability_id VCID-bbzr-hbhv-yyee
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51563
published_at 2026-04-04T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.51586
published_at 2026-04-13T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.51603
published_at 2026-04-12T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51577
published_at 2026-04-08T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.51523
published_at 2026-04-07T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.51624
published_at 2026-04-11T12:55:00Z
6
value 0.00282
scoring_system epss
scoring_elements 0.51574
published_at 2026-04-09T12:55:00Z
7
value 0.00282
scoring_system epss
scoring_elements 0.51536
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/
url https://www.drupal.org/sa-core-2022-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
4
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/core@9.2.18
purl pkg:composer/drupal/core@9.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.18
1
url pkg:composer/drupal/core@9.3.12
purl pkg:composer/drupal/core@9.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbzr-hbhv-yyee
13
url VCID-bkxp-gn34-67av
vulnerability_id VCID-bkxp-gn34-67av
summary 
Cross-Site Request Forgery (CSRF)
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33968
published_at 2026-04-01T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34208
published_at 2026-04-13T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34231
published_at 2026-04-12T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.34273
published_at 2026-04-11T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.34272
published_at 2026-04-09T12:55:00Z
5
value 0.0014
scoring_system epss
scoring_elements 0.34243
published_at 2026-04-08T12:55:00Z
6
value 0.0014
scoring_system epss
scoring_elements 0.342
published_at 2026-04-07T12:55:00Z
7
value 0.0014
scoring_system epss
scoring_elements 0.34336
published_at 2026-04-04T12:55:00Z
8
value 0.0014
scoring_system epss
scoring_elements 0.34307
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
3
reference_url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
4
reference_url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
5
reference_url https://www.drupal.org/sa-core-2021-007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-007
6
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
reference_id CVE-2020-13674
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
8
reference_url https://github.com/advisories/GHSA-j586-cj67-vg4p
reference_id GHSA-j586-cj67-vg4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j586-cj67-vg4p
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-ed6y-c9tz-mbds
7
vulnerability VCID-g33x-1paw-7udm
8
vulnerability VCID-hgb1-xrne-e7c8
9
vulnerability VCID-hwnd-nuv7-jqbh
10
vulnerability VCID-j21d-w3g7-cbcg
11
vulnerability VCID-jctf-yffu-hbag
12
vulnerability VCID-kam1-84p4-qych
13
vulnerability VCID-mapb-hsvc-2khc
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-q4qx-7s1y-q3hc
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-syrg-ckq7-cbd6
18
vulnerability VCID-u4w3-usvb-jyf6
19
vulnerability VCID-ummk-h11z-bkaj
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-vrdx-165p-efda
22
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
23
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-b4yh-gyrx-3yhh
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-kam1-84p4-qych
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
25
vulnerability VCID-wbuz-qcp3-43aq
26
vulnerability VCID-zw3u-6ue7-efdf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13674, GHSA-j586-cj67-vg4p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkxp-gn34-67av
14
url VCID-c9dm-17vt-4bbc
vulnerability_id VCID-c9dm-17vt-4bbc
summary Improper Access Control in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases 2018-10-17-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9dm-17vt-4bbc
15
url VCID-cucx-jfqf-pkd1
vulnerability_id VCID-cucx-jfqf-pkd1
summary 
Deserialization of Untrusted Data
Drupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6338
reference_id
reference_type
scores
0
value 0.01047
scoring_system epss
scoring_elements 0.77449
published_at 2026-04-01T12:55:00Z
1
value 0.01047
scoring_system epss
scoring_elements 0.77504
published_at 2026-04-13T12:55:00Z
2
value 0.01047
scoring_system epss
scoring_elements 0.77507
published_at 2026-04-12T12:55:00Z
3
value 0.01047
scoring_system epss
scoring_elements 0.77526
published_at 2026-04-11T12:55:00Z
4
value 0.01047
scoring_system epss
scoring_elements 0.775
published_at 2026-04-09T12:55:00Z
5
value 0.01047
scoring_system epss
scoring_elements 0.77491
published_at 2026-04-08T12:55:00Z
6
value 0.01047
scoring_system epss
scoring_elements 0.77461
published_at 2026-04-07T12:55:00Z
7
value 0.01047
scoring_system epss
scoring_elements 0.7748
published_at 2026-04-04T12:55:00Z
8
value 0.01047
scoring_system epss
scoring_elements 0.77455
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6338
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6338
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6338
6
reference_url https://www.debian.org/security/2019/dsa-4370
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4370
7
reference_url https://www.drupal.org/sa-core-2019-001
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-001
8
reference_url http://www.securityfocus.com/bid/106706
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106706
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
12
reference_url https://github.com/advisories/GHSA-6rmq-x2hv-vxpp
reference_id GHSA-6rmq-x2hv-vxpp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6rmq-x2hv-vxpp
fixed_packages
0
url pkg:composer/drupal/core@8.6.6
purl pkg:composer/drupal/core@8.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3s9f-prpy-hbcx
2
vulnerability VCID-565p-mgqe-gkfc
3
vulnerability VCID-5kh7-v1uc-wfha
4
vulnerability VCID-636u-5bdw-puh4
5
vulnerability VCID-6ck5-9e5b-w3ay
6
vulnerability VCID-6m8x-cfzp-tkf4
7
vulnerability VCID-77zc-1gc8-r7b7
8
vulnerability VCID-7fs3-gwc7-nkes
9
vulnerability VCID-9ss3-mvt3-8bem
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-dgjq-y5zj-cud1
13
vulnerability VCID-djgn-ezxp-37eu
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-hgb1-xrne-e7c8
18
vulnerability VCID-hwnd-nuv7-jqbh
19
vulnerability VCID-j21d-w3g7-cbcg
20
vulnerability VCID-jctf-yffu-hbag
21
vulnerability VCID-jrb8-jnz4-83c8
22
vulnerability VCID-k1gx-nznx-7qd6
23
vulnerability VCID-kam1-84p4-qych
24
vulnerability VCID-mapb-hsvc-2khc
25
vulnerability VCID-n119-gta2-kfg1
26
vulnerability VCID-n7un-zgqv-jfef
27
vulnerability VCID-qvbt-7e55-4bg4
28
vulnerability VCID-rhj7-dy7q-jkhw
29
vulnerability VCID-st6v-ch5g-r7h2
30
vulnerability VCID-syrg-ckq7-cbd6
31
vulnerability VCID-u4w3-usvb-jyf6
32
vulnerability VCID-ummk-h11z-bkaj
33
vulnerability VCID-uqcw-p8g2-cfd2
34
vulnerability VCID-v9v6-ae3e-g3hk
35
vulnerability VCID-vevm-4sfk-f7gq
36
vulnerability VCID-vrdx-165p-efda
37
vulnerability VCID-w6cz-mg4v-3udj
38
vulnerability VCID-wbuz-qcp3-43aq
39
vulnerability VCID-ww44-hb2y-mfd5
40
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6
aliases CVE-2019-6338, GHSA-6rmq-x2hv-vxpp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cucx-jfqf-pkd1
16
url VCID-dgjq-y5zj-cud1
vulnerability_id VCID-dgjq-y5zj-cud1
summary 
Improper Access Control
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
reference_id
reference_type
scores
0
value 0.00452
scoring_system epss
scoring_elements 0.63732
published_at 2026-04-13T12:55:00Z
1
value 0.00452
scoring_system epss
scoring_elements 0.63711
published_at 2026-04-02T12:55:00Z
2
value 0.00452
scoring_system epss
scoring_elements 0.63737
published_at 2026-04-04T12:55:00Z
3
value 0.00452
scoring_system epss
scoring_elements 0.63697
published_at 2026-04-07T12:55:00Z
4
value 0.00452
scoring_system epss
scoring_elements 0.63749
published_at 2026-04-08T12:55:00Z
5
value 0.00452
scoring_system epss
scoring_elements 0.63766
published_at 2026-04-09T12:55:00Z
6
value 0.00452
scoring_system epss
scoring_elements 0.6378
published_at 2026-04-11T12:55:00Z
7
value 0.00452
scoring_system epss
scoring_elements 0.63765
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-013
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/
url https://www.drupal.org/sa-core-2022-013
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
reference_id CVE-2022-25278
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
reference_id CVE-2022-25278.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
5
reference_url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
reference_id GHSA-cfh2-7f6h-3m85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25278, GHSA-cfh2-7f6h-3m85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgjq-y5zj-cud1
17
url VCID-djgn-ezxp-37eu
vulnerability_id VCID-djgn-ezxp-37eu
summary 
Cross-site Scripting
Under certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6341
reference_id
reference_type
scores
0
value 0.46484
scoring_system epss
scoring_elements 0.9764
published_at 2026-04-02T12:55:00Z
1
value 0.46484
scoring_system epss
scoring_elements 0.97655
published_at 2026-04-13T12:55:00Z
2
value 0.46484
scoring_system epss
scoring_elements 0.97652
published_at 2026-04-11T12:55:00Z
3
value 0.46484
scoring_system epss
scoring_elements 0.9765
published_at 2026-04-09T12:55:00Z
4
value 0.46484
scoring_system epss
scoring_elements 0.97648
published_at 2026-04-08T12:55:00Z
5
value 0.46484
scoring_system epss
scoring_elements 0.97644
published_at 2026-04-07T12:55:00Z
6
value 0.46484
scoring_system epss
scoring_elements 0.97642
published_at 2026-04-04T12:55:00Z
7
value 0.46484
scoring_system epss
scoring_elements 0.97634
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6341
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml
5
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/
22
reference_url https://www.drupal.org/sa-core-2019-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-004
23
reference_url https://www.drupal.org/SA-CORE-2019-004
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2019-004
24
reference_url https://www.synology.com/security/advisory/Synology_SA_19_13
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_13
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6341
reference_id CVE-2019-6341
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6341
30
reference_url https://github.com/advisories/GHSA-cmmh-8mwp-gq5p
reference_id GHSA-cmmh-8mwp-gq5p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cmmh-8mwp-gq5p
fixed_packages
0
url pkg:composer/drupal/core@8.5.14
purl pkg:composer/drupal/core@8.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3s9f-prpy-hbcx
2
vulnerability VCID-5kh7-v1uc-wfha
3
vulnerability VCID-636u-5bdw-puh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-7fs3-gwc7-nkes
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-bbzr-hbhv-yyee
10
vulnerability VCID-bkxp-gn34-67av
11
vulnerability VCID-dgjq-y5zj-cud1
12
vulnerability VCID-ed6y-c9tz-mbds
13
vulnerability VCID-fwbj-ctxz-2bc6
14
vulnerability VCID-g33x-1paw-7udm
15
vulnerability VCID-hgb1-xrne-e7c8
16
vulnerability VCID-hwnd-nuv7-jqbh
17
vulnerability VCID-j21d-w3g7-cbcg
18
vulnerability VCID-jctf-yffu-hbag
19
vulnerability VCID-jrb8-jnz4-83c8
20
vulnerability VCID-k1gx-nznx-7qd6
21
vulnerability VCID-kam1-84p4-qych
22
vulnerability VCID-mapb-hsvc-2khc
23
vulnerability VCID-n119-gta2-kfg1
24
vulnerability VCID-n7un-zgqv-jfef
25
vulnerability VCID-qvbt-7e55-4bg4
26
vulnerability VCID-st6v-ch5g-r7h2
27
vulnerability VCID-syrg-ckq7-cbd6
28
vulnerability VCID-u4w3-usvb-jyf6
29
vulnerability VCID-ummk-h11z-bkaj
30
vulnerability VCID-uqcw-p8g2-cfd2
31
vulnerability VCID-v9v6-ae3e-g3hk
32
vulnerability VCID-vevm-4sfk-f7gq
33
vulnerability VCID-vrdx-165p-efda
34
vulnerability VCID-w6cz-mg4v-3udj
35
vulnerability VCID-wbuz-qcp3-43aq
36
vulnerability VCID-ww44-hb2y-mfd5
37
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.14
1
url pkg:composer/drupal/core@8.6.13
purl pkg:composer/drupal/core@8.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3s9f-prpy-hbcx
2
vulnerability VCID-5kh7-v1uc-wfha
3
vulnerability VCID-636u-5bdw-puh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-7fs3-gwc7-nkes
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-bbzr-hbhv-yyee
10
vulnerability VCID-bkxp-gn34-67av
11
vulnerability VCID-dgjq-y5zj-cud1
12
vulnerability VCID-ed6y-c9tz-mbds
13
vulnerability VCID-fwbj-ctxz-2bc6
14
vulnerability VCID-g33x-1paw-7udm
15
vulnerability VCID-hgb1-xrne-e7c8
16
vulnerability VCID-hwnd-nuv7-jqbh
17
vulnerability VCID-j21d-w3g7-cbcg
18
vulnerability VCID-jctf-yffu-hbag
19
vulnerability VCID-jrb8-jnz4-83c8
20
vulnerability VCID-k1gx-nznx-7qd6
21
vulnerability VCID-kam1-84p4-qych
22
vulnerability VCID-mapb-hsvc-2khc
23
vulnerability VCID-n119-gta2-kfg1
24
vulnerability VCID-n7un-zgqv-jfef
25
vulnerability VCID-qvbt-7e55-4bg4
26
vulnerability VCID-st6v-ch5g-r7h2
27
vulnerability VCID-syrg-ckq7-cbd6
28
vulnerability VCID-u4w3-usvb-jyf6
29
vulnerability VCID-ummk-h11z-bkaj
30
vulnerability VCID-uqcw-p8g2-cfd2
31
vulnerability VCID-v9v6-ae3e-g3hk
32
vulnerability VCID-vevm-4sfk-f7gq
33
vulnerability VCID-vrdx-165p-efda
34
vulnerability VCID-w6cz-mg4v-3udj
35
vulnerability VCID-wbuz-qcp3-43aq
36
vulnerability VCID-ww44-hb2y-mfd5
37
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.13
aliases CVE-2019-6341, GHSA-cmmh-8mwp-gq5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djgn-ezxp-37eu
18
url VCID-dqf8-ea9f-yber
vulnerability_id VCID-dqf8-ea9f-yber
summary 
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
The Contextual Links module doesn't sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-5.yaml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-5.yaml
2
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-006
3
reference_url https://github.com/advisories/GHSA-7v68-3pr5-h3cr
reference_id GHSA-7v68-3pr5-h3cr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7v68-3pr5-h3cr
fixed_packages
0
url pkg:composer/drupal/core@8.5.8
purl pkg:composer/drupal/core@8.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-djgn-ezxp-37eu
17
vulnerability VCID-ed6y-c9tz-mbds
18
vulnerability VCID-fwbj-ctxz-2bc6
19
vulnerability VCID-g33x-1paw-7udm
20
vulnerability VCID-gzcu-sbks-wyfa
21
vulnerability VCID-hgb1-xrne-e7c8
22
vulnerability VCID-hwnd-nuv7-jqbh
23
vulnerability VCID-j21d-w3g7-cbcg
24
vulnerability VCID-jctf-yffu-hbag
25
vulnerability VCID-jrb8-jnz4-83c8
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kam1-84p4-qych
28
vulnerability VCID-mapb-hsvc-2khc
29
vulnerability VCID-n119-gta2-kfg1
30
vulnerability VCID-n7un-zgqv-jfef
31
vulnerability VCID-nd8n-5dsu-2fbp
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rhj7-dy7q-jkhw
34
vulnerability VCID-rr4q-f5cv-nkah
35
vulnerability VCID-st6v-ch5g-r7h2
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u1xx-aazv-bkg5
38
vulnerability VCID-u4w3-usvb-jyf6
39
vulnerability VCID-ummk-h11z-bkaj
40
vulnerability VCID-uqcw-p8g2-cfd2
41
vulnerability VCID-v9v6-ae3e-g3hk
42
vulnerability VCID-vevm-4sfk-f7gq
43
vulnerability VCID-vrdx-165p-efda
44
vulnerability VCID-w6cz-mg4v-3udj
45
vulnerability VCID-wbuz-qcp3-43aq
46
vulnerability VCID-ww44-hb2y-mfd5
47
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.8
1
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GHSA-7v68-3pr5-h3cr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqf8-ea9f-yber
19
url VCID-ed6y-c9tz-mbds
vulnerability_id VCID-ed6y-c9tz-mbds
summary 
Drupal Core Cross-Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.45919
published_at 2026-04-07T12:55:00Z
1
value 0.00232
scoring_system epss
scoring_elements 0.45972
published_at 2026-04-09T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.45968
published_at 2026-04-12T12:55:00Z
3
value 0.00232
scoring_system epss
scoring_elements 0.45996
published_at 2026-04-11T12:55:00Z
4
value 0.00232
scoring_system epss
scoring_elements 0.45975
published_at 2026-04-13T12:55:00Z
5
value 0.00272
scoring_system epss
scoring_elements 0.50622
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
3
reference_url https://www.drupal.org/sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.drupal.org/sa-core-2025-004
4
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
reference_id cve-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
5
reference_url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
reference_id GHSA-m4wj-hhwj-47qp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
6
reference_url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_id link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
fixed_packages
0
url pkg:composer/drupal/core@10.3.14
purl pkg:composer/drupal/core@10.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g33x-1paw-7udm
1
vulnerability VCID-hgb1-xrne-e7c8
2
vulnerability VCID-hwnd-nuv7-jqbh
3
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14
1
url pkg:composer/drupal/core@10.4.5
purl pkg:composer/drupal/core@10.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g33x-1paw-7udm
1
vulnerability VCID-hgb1-xrne-e7c8
2
vulnerability VCID-hwnd-nuv7-jqbh
3
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5
2
url pkg:composer/drupal/core@11.0.13
purl pkg:composer/drupal/core@11.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g33x-1paw-7udm
1
vulnerability VCID-hgb1-xrne-e7c8
2
vulnerability VCID-hwnd-nuv7-jqbh
3
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13
3
url pkg:composer/drupal/core@11.1.5
purl pkg:composer/drupal/core@11.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g33x-1paw-7udm
1
vulnerability VCID-hgb1-xrne-e7c8
2
vulnerability VCID-hwnd-nuv7-jqbh
3
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5
aliases CVE-2025-31675, GHSA-m4wj-hhwj-47qp
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed6y-c9tz-mbds
20
url VCID-fwbj-ctxz-2bc6
vulnerability_id VCID-fwbj-ctxz-2bc6
summary 
Incorrect Authorization
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.51854
published_at 2026-04-13T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.51748
published_at 2026-04-01T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.51797
published_at 2026-04-02T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.51823
published_at 2026-04-04T12:55:00Z
4
value 0.00285
scoring_system epss
scoring_elements 0.51784
published_at 2026-04-07T12:55:00Z
5
value 0.00285
scoring_system epss
scoring_elements 0.51839
published_at 2026-04-08T12:55:00Z
6
value 0.00285
scoring_system epss
scoring_elements 0.51837
published_at 2026-04-09T12:55:00Z
7
value 0.00285
scoring_system epss
scoring_elements 0.51888
published_at 2026-04-11T12:55:00Z
8
value 0.00285
scoring_system epss
scoring_elements 0.5187
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
3
reference_url https://www.drupal.org/sa-core-2021-009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-009
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
reference_id CVE-2020-13676
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
6
reference_url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
reference_id GHSA-qfhg-m6r8-xxpj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-ed6y-c9tz-mbds
7
vulnerability VCID-g33x-1paw-7udm
8
vulnerability VCID-hgb1-xrne-e7c8
9
vulnerability VCID-hwnd-nuv7-jqbh
10
vulnerability VCID-j21d-w3g7-cbcg
11
vulnerability VCID-jctf-yffu-hbag
12
vulnerability VCID-kam1-84p4-qych
13
vulnerability VCID-mapb-hsvc-2khc
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-q4qx-7s1y-q3hc
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-syrg-ckq7-cbd6
18
vulnerability VCID-u4w3-usvb-jyf6
19
vulnerability VCID-ummk-h11z-bkaj
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-vrdx-165p-efda
22
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
23
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-b4yh-gyrx-3yhh
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-kam1-84p4-qych
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
25
vulnerability VCID-wbuz-qcp3-43aq
26
vulnerability VCID-zw3u-6ue7-efdf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13676, GHSA-qfhg-m6r8-xxpj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwbj-ctxz-2bc6
21
url VCID-g33x-1paw-7udm
vulnerability_id VCID-g33x-1paw-7udm
summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29467
published_at 2026-04-12T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.29511
published_at 2026-04-11T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29415
published_at 2026-04-13T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.41909
published_at 2026-04-07T12:55:00Z
4
value 0.00199
scoring_system epss
scoring_elements 0.41955
published_at 2026-04-02T12:55:00Z
5
value 0.00199
scoring_system epss
scoring_elements 0.41983
published_at 2026-04-04T12:55:00Z
6
value 0.00199
scoring_system epss
scoring_elements 0.41971
published_at 2026-04-09T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.41959
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/
url https://www.drupal.org/sa-core-2025-006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
reference_id CVE-2025-13081
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
4
reference_url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
reference_id GHSA-m6vv-vcj8-w8m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13081, GHSA-m6vv-vcj8-w8m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g33x-1paw-7udm
22
url VCID-gzcu-sbks-wyfa
vulnerability_id VCID-gzcu-sbks-wyfa
summary 
URL Redirection to Untrusted Site ('Open Redirect')
External URL injection through URL aliases in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases 2018-10-17-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzcu-sbks-wyfa
23
url VCID-hgb1-xrne-e7c8
vulnerability_id VCID-hgb1-xrne-e7c8
summary Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.24067
published_at 2026-04-11T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.23969
published_at 2026-04-13T12:55:00Z
2
value 0.00082
scoring_system epss
scoring_elements 0.24025
published_at 2026-04-12T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.28019
published_at 2026-04-07T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.28086
published_at 2026-04-08T12:55:00Z
5
value 0.00102
scoring_system epss
scoring_elements 0.28224
published_at 2026-04-04T12:55:00Z
6
value 0.00102
scoring_system epss
scoring_elements 0.28129
published_at 2026-04-09T12:55:00Z
7
value 0.00102
scoring_system epss
scoring_elements 0.28181
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/
url https://www.drupal.org/sa-core-2025-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
reference_id CVE-2025-13080
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
4
reference_url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
reference_id GHSA-83v7-c2cf-p9c2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13080, GHSA-83v7-c2cf-p9c2
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgb1-xrne-e7c8
24
url VCID-hwnd-nuv7-jqbh
vulnerability_id VCID-hwnd-nuv7-jqbh
summary User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11666
published_at 2026-04-11T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11603
published_at 2026-04-13T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.1163
published_at 2026-04-12T12:55:00Z
3
value 0.00073
scoring_system epss
scoring_elements 0.22125
published_at 2026-04-07T12:55:00Z
4
value 0.00073
scoring_system epss
scoring_elements 0.22208
published_at 2026-04-08T12:55:00Z
5
value 0.00073
scoring_system epss
scoring_elements 0.2234
published_at 2026-04-04T12:55:00Z
6
value 0.00073
scoring_system epss
scoring_elements 0.22263
published_at 2026-04-09T12:55:00Z
7
value 0.00073
scoring_system epss
scoring_elements 0.22297
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/
url https://www.drupal.org/sa-core-2025-007
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
reference_id CVE-2025-13082
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
4
reference_url https://github.com/advisories/GHSA-h89p-5896-f4q8
reference_id GHSA-h89p-5896-f4q8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h89p-5896-f4q8
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13082, GHSA-h89p-5896-f4q8
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwnd-nuv7-jqbh
25
url VCID-j21d-w3g7-cbcg
vulnerability_id VCID-j21d-w3g7-cbcg
summary 
Drupal Core Vulnerable to Forceful Browsing
Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39249
published_at 2026-04-13T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39281
published_at 2026-04-02T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39304
published_at 2026-04-04T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39223
published_at 2026-04-07T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39278
published_at 2026-04-08T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39294
published_at 2026-04-09T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39306
published_at 2026-04-11T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39268
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
3
reference_url https://www.drupal.org/sa-core-2025-002
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/
url https://www.drupal.org/sa-core-2025-002
4
reference_url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
reference_id GHSA-wpp8-fjgf-pwc7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31673, GHSA-wpp8-fjgf-pwc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j21d-w3g7-cbcg
26
url VCID-jctf-yffu-hbag
vulnerability_id VCID-jctf-yffu-hbag
summary 
Drupal core Denial of Service vulnerability
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
2
reference_url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
4
reference_url https://www.drupal.org/sa-core-2024-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2024-001
5
reference_url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
reference_id GHSA-6ccv-8fgf-cjpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
fixed_packages
0
url pkg:composer/drupal/core@10.1.8
purl pkg:composer/drupal/core@10.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-ed6y-c9tz-mbds
3
vulnerability VCID-g33x-1paw-7udm
4
vulnerability VCID-hgb1-xrne-e7c8
5
vulnerability VCID-hwnd-nuv7-jqbh
6
vulnerability VCID-j21d-w3g7-cbcg
7
vulnerability VCID-kam1-84p4-qych
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-syrg-ckq7-cbd6
11
vulnerability VCID-u2d4-5g3d-zqbt
12
vulnerability VCID-u4w3-usvb-jyf6
13
vulnerability VCID-vevm-4sfk-f7gq
14
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8
1
url pkg:composer/drupal/core@10.2.2
purl pkg:composer/drupal/core@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-ed6y-c9tz-mbds
3
vulnerability VCID-g33x-1paw-7udm
4
vulnerability VCID-hgb1-xrne-e7c8
5
vulnerability VCID-hwnd-nuv7-jqbh
6
vulnerability VCID-j21d-w3g7-cbcg
7
vulnerability VCID-kam1-84p4-qych
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-syrg-ckq7-cbd6
11
vulnerability VCID-u2d4-5g3d-zqbt
12
vulnerability VCID-u4w3-usvb-jyf6
13
vulnerability VCID-vevm-4sfk-f7gq
14
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2
aliases GHSA-6ccv-8fgf-cjpw, GMS-2024-214
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jctf-yffu-hbag
27
url VCID-jrb8-jnz4-83c8
vulnerability_id VCID-jrb8-jnz4-83c8
summary 
Drupal core uses a vulnerable Third-party library CKEditor
The Drupal project uses the third-party library [CKEditor](https://github.com/ckeditor/ckeditor4), which has released a [security improvement](https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed) that is needed to protect some Drupal configurations.

Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access.

The latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-03-18.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-03-18.yaml
2
reference_url https://www.drupal.org/sa-core-2020-001
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-001
3
reference_url https://github.com/advisories/GHSA-v273-j5hq-26xp
reference_id GHSA-v273-j5hq-26xp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v273-j5hq-26xp
fixed_packages
0
url pkg:composer/drupal/core@8.7.12
purl pkg:composer/drupal/core@8.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-5618-53yg-8qh4
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-cvxp-ctj9-guej
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-k1gx-nznx-7qd6
18
vulnerability VCID-kam1-84p4-qych
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n119-gta2-kfg1
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-qvbt-7e55-4bg4
23
vulnerability VCID-syrg-ckq7-cbd6
24
vulnerability VCID-u4w3-usvb-jyf6
25
vulnerability VCID-ummk-h11z-bkaj
26
vulnerability VCID-uqcw-p8g2-cfd2
27
vulnerability VCID-v9v6-ae3e-g3hk
28
vulnerability VCID-vevm-4sfk-f7gq
29
vulnerability VCID-vrdx-165p-efda
30
vulnerability VCID-w6cz-mg4v-3udj
31
vulnerability VCID-wbuz-qcp3-43aq
32
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.12
1
url pkg:composer/drupal/core@8.8.4
purl pkg:composer/drupal/core@8.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-5618-53yg-8qh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-9qyz-jfgb-5yfs
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-agtf-c53h-2fdx
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-cvxp-ctj9-guej
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-gbz5-5frj-hber
18
vulnerability VCID-hgb1-xrne-e7c8
19
vulnerability VCID-hwnd-nuv7-jqbh
20
vulnerability VCID-j21d-w3g7-cbcg
21
vulnerability VCID-jctf-yffu-hbag
22
vulnerability VCID-k1gx-nznx-7qd6
23
vulnerability VCID-kam1-84p4-qych
24
vulnerability VCID-mapb-hsvc-2khc
25
vulnerability VCID-mhk6-9qdy-83f3
26
vulnerability VCID-n119-gta2-kfg1
27
vulnerability VCID-n7un-zgqv-jfef
28
vulnerability VCID-ptxz-rvbt-hqhz
29
vulnerability VCID-q4qx-7s1y-q3hc
30
vulnerability VCID-qvbt-7e55-4bg4
31
vulnerability VCID-rdgr-yuu7-xkey
32
vulnerability VCID-rxhd-nkpr-87fm
33
vulnerability VCID-ssyn-dxp9-3kdq
34
vulnerability VCID-syrg-ckq7-cbd6
35
vulnerability VCID-u4w3-usvb-jyf6
36
vulnerability VCID-ummk-h11z-bkaj
37
vulnerability VCID-uqcw-p8g2-cfd2
38
vulnerability VCID-v9v6-ae3e-g3hk
39
vulnerability VCID-vevm-4sfk-f7gq
40
vulnerability VCID-vrdx-165p-efda
41
vulnerability VCID-w6cz-mg4v-3udj
42
vulnerability VCID-wbuz-qcp3-43aq
43
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.4
aliases GHSA-v273-j5hq-26xp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrb8-jnz4-83c8
28
url VCID-k1gx-nznx-7qd6
vulnerability_id VCID-k1gx-nznx-7qd6
summary 
Drupal core Cross-site Scripting (XSS) vulnerability
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
reference_id
reference_type
scores
0
value 0.00564
scoring_system epss
scoring_elements 0.68347
published_at 2026-04-01T12:55:00Z
1
value 0.00564
scoring_system epss
scoring_elements 0.68413
published_at 2026-04-13T12:55:00Z
2
value 0.00564
scoring_system epss
scoring_elements 0.68446
published_at 2026-04-12T12:55:00Z
3
value 0.00564
scoring_system epss
scoring_elements 0.68458
published_at 2026-04-11T12:55:00Z
4
value 0.00564
scoring_system epss
scoring_elements 0.68431
published_at 2026-04-09T12:55:00Z
5
value 0.00564
scoring_system epss
scoring_elements 0.68414
published_at 2026-04-08T12:55:00Z
6
value 0.00564
scoring_system epss
scoring_elements 0.68363
published_at 2026-04-07T12:55:00Z
7
value 0.00564
scoring_system epss
scoring_elements 0.68387
published_at 2026-04-04T12:55:00Z
8
value 0.00564
scoring_system epss
scoring_elements 0.68367
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-002
3
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
reference_id CVE-2020-13672
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
7
reference_url https://github.com/advisories/GHSA-3m36-mjwj-352c
reference_id GHSA-3m36-mjwj-352c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m36-mjwj-352c
fixed_packages
0
url pkg:composer/drupal/core@8.9.14
purl pkg:composer/drupal/core@8.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bkxp-gn34-67av
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-ed6y-c9tz-mbds
9
vulnerability VCID-fwbj-ctxz-2bc6
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-kam1-84p4-qych
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-qvbt-7e55-4bg4
20
vulnerability VCID-rdgr-yuu7-xkey
21
vulnerability VCID-syrg-ckq7-cbd6
22
vulnerability VCID-u4w3-usvb-jyf6
23
vulnerability VCID-ummk-h11z-bkaj
24
vulnerability VCID-vevm-4sfk-f7gq
25
vulnerability VCID-vrdx-165p-efda
26
vulnerability VCID-w6cz-mg4v-3udj
27
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14
1
url pkg:composer/drupal/core@9.0.12
purl pkg:composer/drupal/core@9.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
23
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12
2
url pkg:composer/drupal/core@9.1.7
purl pkg:composer/drupal/core@9.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bk92-66re-dkc5
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-fwbj-ctxz-2bc6
11
vulnerability VCID-g33x-1paw-7udm
12
vulnerability VCID-hgb1-xrne-e7c8
13
vulnerability VCID-hwnd-nuv7-jqbh
14
vulnerability VCID-j21d-w3g7-cbcg
15
vulnerability VCID-jctf-yffu-hbag
16
vulnerability VCID-kam1-84p4-qych
17
vulnerability VCID-mapb-hsvc-2khc
18
vulnerability VCID-n7un-zgqv-jfef
19
vulnerability VCID-q4qx-7s1y-q3hc
20
vulnerability VCID-qvbt-7e55-4bg4
21
vulnerability VCID-rdgr-yuu7-xkey
22
vulnerability VCID-syrg-ckq7-cbd6
23
vulnerability VCID-u4w3-usvb-jyf6
24
vulnerability VCID-ummk-h11z-bkaj
25
vulnerability VCID-vevm-4sfk-f7gq
26
vulnerability VCID-vrdx-165p-efda
27
vulnerability VCID-w6cz-mg4v-3udj
28
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7
aliases CVE-2020-13672, GHSA-3m36-mjwj-352c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gx-nznx-7qd6
29
url VCID-kam1-84p4-qych
vulnerability_id VCID-kam1-84p4-qych
summary 
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
reference_id
reference_type
scores
0
value 0.00845
scoring_system epss
scoring_elements 0.7477
published_at 2026-04-04T12:55:00Z
1
value 0.00845
scoring_system epss
scoring_elements 0.74785
published_at 2026-04-13T12:55:00Z
2
value 0.00845
scoring_system epss
scoring_elements 0.74794
published_at 2026-04-12T12:55:00Z
3
value 0.00845
scoring_system epss
scoring_elements 0.74777
published_at 2026-04-08T12:55:00Z
4
value 0.00845
scoring_system epss
scoring_elements 0.74744
published_at 2026-04-07T12:55:00Z
5
value 0.00845
scoring_system epss
scoring_elements 0.74815
published_at 2026-04-11T12:55:00Z
6
value 0.00845
scoring_system epss
scoring_elements 0.74791
published_at 2026-04-09T12:55:00Z
7
value 0.00845
scoring_system epss
scoring_elements 0.74743
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
3
reference_url https://www.drupal.org/sa-core-2025-003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/
url https://www.drupal.org/sa-core-2025-003
4
reference_url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
reference_id GHSA-2qph-q8xw-gv7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31674, GHSA-2qph-q8xw-gv7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kam1-84p4-qych
30
url VCID-kdnk-7mz5-7ugf
vulnerability_id VCID-kdnk-7mz5-7ugf
summary 
Drupal Content moderation Access bypass
In some conditions, drupal content moderation fails to check a users access to use certain transitions, leading to an access bypass.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-1.yaml
2
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-006
3
reference_url https://github.com/advisories/GHSA-f84q-mgj9-8jfc
reference_id GHSA-f84q-mgj9-8jfc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f84q-mgj9-8jfc
fixed_packages
0
url pkg:composer/drupal/core@8.5.8
purl pkg:composer/drupal/core@8.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-djgn-ezxp-37eu
17
vulnerability VCID-ed6y-c9tz-mbds
18
vulnerability VCID-fwbj-ctxz-2bc6
19
vulnerability VCID-g33x-1paw-7udm
20
vulnerability VCID-gzcu-sbks-wyfa
21
vulnerability VCID-hgb1-xrne-e7c8
22
vulnerability VCID-hwnd-nuv7-jqbh
23
vulnerability VCID-j21d-w3g7-cbcg
24
vulnerability VCID-jctf-yffu-hbag
25
vulnerability VCID-jrb8-jnz4-83c8
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kam1-84p4-qych
28
vulnerability VCID-mapb-hsvc-2khc
29
vulnerability VCID-n119-gta2-kfg1
30
vulnerability VCID-n7un-zgqv-jfef
31
vulnerability VCID-nd8n-5dsu-2fbp
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rhj7-dy7q-jkhw
34
vulnerability VCID-rr4q-f5cv-nkah
35
vulnerability VCID-st6v-ch5g-r7h2
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u1xx-aazv-bkg5
38
vulnerability VCID-u4w3-usvb-jyf6
39
vulnerability VCID-ummk-h11z-bkaj
40
vulnerability VCID-uqcw-p8g2-cfd2
41
vulnerability VCID-v9v6-ae3e-g3hk
42
vulnerability VCID-vevm-4sfk-f7gq
43
vulnerability VCID-vrdx-165p-efda
44
vulnerability VCID-w6cz-mg4v-3udj
45
vulnerability VCID-wbuz-qcp3-43aq
46
vulnerability VCID-ww44-hb2y-mfd5
47
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.8
1
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GHSA-f84q-mgj9-8jfc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdnk-7mz5-7ugf
31
url VCID-mapb-hsvc-2khc
vulnerability_id VCID-mapb-hsvc-2khc
summary 
Unrestricted Upload of File with Dangerous Type
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.5268
published_at 2026-04-02T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.52734
published_at 2026-04-13T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.5275
published_at 2026-04-12T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.52766
published_at 2026-04-11T12:55:00Z
4
value 0.00294
scoring_system epss
scoring_elements 0.52716
published_at 2026-04-09T12:55:00Z
5
value 0.00294
scoring_system epss
scoring_elements 0.52722
published_at 2026-04-08T12:55:00Z
6
value 0.00294
scoring_system epss
scoring_elements 0.52671
published_at 2026-04-07T12:55:00Z
7
value 0.00294
scoring_system epss
scoring_elements 0.52706
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
3
reference_url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
4
reference_url https://www.drupal.org/sa-core-2022-014
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/
url https://www.drupal.org/sa-core-2022-014
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
reference_id CVE-2022-25277
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
reference_id CVE-2022-25277.YAML
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
7
reference_url https://github.com/advisories/GHSA-6955-67hm-vjjq
reference_id GHSA-6955-67hm-vjjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6955-67hm-vjjq
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mapb-hsvc-2khc
32
url VCID-n119-gta2-kfg1
vulnerability_id VCID-n119-gta2-kfg1
summary 
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42418
published_at 2026-04-01T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42471
published_at 2026-04-13T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42501
published_at 2026-04-12T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42538
published_at 2026-04-11T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42516
published_at 2026-04-09T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.42506
published_at 2026-04-08T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42455
published_at 2026-04-07T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42518
published_at 2026-04-04T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42489
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-010
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
reference_id CVE-2020-13669
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
6
reference_url https://github.com/advisories/GHSA-c533-c843-67h8
reference_id GHSA-c533-c843-67h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c533-c843-67h8
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-gbz5-5frj-hber
14
vulnerability VCID-hgb1-xrne-e7c8
15
vulnerability VCID-hwnd-nuv7-jqbh
16
vulnerability VCID-j21d-w3g7-cbcg
17
vulnerability VCID-jctf-yffu-hbag
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-q4qx-7s1y-q3hc
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-rdgr-yuu7-xkey
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-v9v6-ae3e-g3hk
29
vulnerability VCID-vevm-4sfk-f7gq
30
vulnerability VCID-vrdx-165p-efda
31
vulnerability VCID-w6cz-mg4v-3udj
32
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-gbz5-5frj-hber
14
vulnerability VCID-hgb1-xrne-e7c8
15
vulnerability VCID-hwnd-nuv7-jqbh
16
vulnerability VCID-j21d-w3g7-cbcg
17
vulnerability VCID-jctf-yffu-hbag
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-kc7d-5k6x-77bp
21
vulnerability VCID-mapb-hsvc-2khc
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-q4qx-7s1y-q3hc
24
vulnerability VCID-qvbt-7e55-4bg4
25
vulnerability VCID-rdgr-yuu7-xkey
26
vulnerability VCID-syrg-ckq7-cbd6
27
vulnerability VCID-u4w3-usvb-jyf6
28
vulnerability VCID-ummk-h11z-bkaj
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-gbz5-5frj-hber
12
vulnerability VCID-hgb1-xrne-e7c8
13
vulnerability VCID-hwnd-nuv7-jqbh
14
vulnerability VCID-j21d-w3g7-cbcg
15
vulnerability VCID-jctf-yffu-hbag
16
vulnerability VCID-k1gx-nznx-7qd6
17
vulnerability VCID-kam1-84p4-qych
18
vulnerability VCID-kc7d-5k6x-77bp
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n7un-zgqv-jfef
21
vulnerability VCID-q4qx-7s1y-q3hc
22
vulnerability VCID-rdgr-yuu7-xkey
23
vulnerability VCID-syrg-ckq7-cbd6
24
vulnerability VCID-u4w3-usvb-jyf6
25
vulnerability VCID-ummk-h11z-bkaj
26
vulnerability VCID-v9v6-ae3e-g3hk
27
vulnerability VCID-vevm-4sfk-f7gq
28
vulnerability VCID-vrdx-165p-efda
29
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13669, GHSA-c533-c843-67h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n119-gta2-kfg1
33
url VCID-n7un-zgqv-jfef
vulnerability_id VCID-n7un-zgqv-jfef
summary 
Lack of domain validation in Druple core
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
reference_id
reference_type
scores
0
value 0.01256
scoring_system epss
scoring_elements 0.79371
published_at 2026-04-13T12:55:00Z
1
value 0.01256
scoring_system epss
scoring_elements 0.7933
published_at 2026-04-02T12:55:00Z
2
value 0.01256
scoring_system epss
scoring_elements 0.79353
published_at 2026-04-04T12:55:00Z
3
value 0.01256
scoring_system epss
scoring_elements 0.79339
published_at 2026-04-07T12:55:00Z
4
value 0.01256
scoring_system epss
scoring_elements 0.79365
published_at 2026-04-08T12:55:00Z
5
value 0.01256
scoring_system epss
scoring_elements 0.79374
published_at 2026-04-09T12:55:00Z
6
value 0.01256
scoring_system epss
scoring_elements 0.79397
published_at 2026-04-11T12:55:00Z
7
value 0.01256
scoring_system epss
scoring_elements 0.79382
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2022-015
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
reference_id CVE-2022-25276
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
4
reference_url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
reference_id GHSA-4wfq-jc9h-vpcx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-ummk-h11z-bkaj
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25276, GHSA-4wfq-jc9h-vpcx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7un-zgqv-jfef
34
url VCID-nd8n-5dsu-2fbp
vulnerability_id VCID-nd8n-5dsu-2fbp
summary 
Code Injection
Injection in `DefaultMailSystem::mail()`.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases 2018-10-17-4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nd8n-5dsu-2fbp
35
url VCID-qvbt-7e55-4bg4
vulnerability_id VCID-qvbt-7e55-4bg4
summary 
Drupal core Cross-Site Scripting (XSS) vulnerabilities
The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.

Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml
2
reference_url https://www.drupal.org/sa-core-2021-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-005
3
reference_url https://github.com/advisories/GHSA-vfgc-c76h-mwh4
reference_id GHSA-vfgc-c76h-mwh4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfgc-c76h-mwh4
fixed_packages
0
url pkg:composer/drupal/core@8.9.18
purl pkg:composer/drupal/core@8.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bkxp-gn34-67av
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-ed6y-c9tz-mbds
9
vulnerability VCID-fwbj-ctxz-2bc6
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-kam1-84p4-qych
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
25
vulnerability VCID-w6cz-mg4v-3udj
26
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.18
1
url pkg:composer/drupal/core@9.1.12
purl pkg:composer/drupal/core@9.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bk92-66re-dkc5
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-fwbj-ctxz-2bc6
11
vulnerability VCID-g33x-1paw-7udm
12
vulnerability VCID-hgb1-xrne-e7c8
13
vulnerability VCID-hwnd-nuv7-jqbh
14
vulnerability VCID-j21d-w3g7-cbcg
15
vulnerability VCID-jctf-yffu-hbag
16
vulnerability VCID-kam1-84p4-qych
17
vulnerability VCID-mapb-hsvc-2khc
18
vulnerability VCID-n7un-zgqv-jfef
19
vulnerability VCID-q4qx-7s1y-q3hc
20
vulnerability VCID-rdgr-yuu7-xkey
21
vulnerability VCID-syrg-ckq7-cbd6
22
vulnerability VCID-u4w3-usvb-jyf6
23
vulnerability VCID-ummk-h11z-bkaj
24
vulnerability VCID-vevm-4sfk-f7gq
25
vulnerability VCID-vrdx-165p-efda
26
vulnerability VCID-w6cz-mg4v-3udj
27
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.12
2
url pkg:composer/drupal/core@9.2.4
purl pkg:composer/drupal/core@9.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-b4yh-gyrx-3yhh
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bk92-66re-dkc5
9
vulnerability VCID-bkxp-gn34-67av
10
vulnerability VCID-dgjq-y5zj-cud1
11
vulnerability VCID-ed6y-c9tz-mbds
12
vulnerability VCID-fwbj-ctxz-2bc6
13
vulnerability VCID-g33x-1paw-7udm
14
vulnerability VCID-hgb1-xrne-e7c8
15
vulnerability VCID-hwnd-nuv7-jqbh
16
vulnerability VCID-j21d-w3g7-cbcg
17
vulnerability VCID-jctf-yffu-hbag
18
vulnerability VCID-kam1-84p4-qych
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n7un-zgqv-jfef
21
vulnerability VCID-q4qx-7s1y-q3hc
22
vulnerability VCID-rdgr-yuu7-xkey
23
vulnerability VCID-syrg-ckq7-cbd6
24
vulnerability VCID-u4w3-usvb-jyf6
25
vulnerability VCID-ummk-h11z-bkaj
26
vulnerability VCID-vevm-4sfk-f7gq
27
vulnerability VCID-vrdx-165p-efda
28
vulnerability VCID-w6cz-mg4v-3udj
29
vulnerability VCID-wbuz-qcp3-43aq
30
vulnerability VCID-zw3u-6ue7-efdf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.4
aliases GHSA-vfgc-c76h-mwh4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvbt-7e55-4bg4
36
url VCID-rhj7-dy7q-jkhw
vulnerability_id VCID-rhj7-dy7q-jkhw
summary 
Drupal Core Remote Code Execution Vulnerability
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6340
reference_id
reference_type
scores
0
value 0.94436
scoring_system epss
scoring_elements 0.99988
published_at 2026-04-04T12:55:00Z
1
value 0.94436
scoring_system epss
scoring_elements 0.99987
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6340
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340
3
reference_url https://www.drupal.org/sa-core-2019-003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.drupal.org/sa-core-2019-003
4
reference_url https://www.exploit-db.com/exploits/46452
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46452
5
reference_url https://www.exploit-db.com/exploits/46452/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.exploit-db.com/exploits/46452/
6
reference_url https://www.exploit-db.com/exploits/46459
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46459
7
reference_url https://www.exploit-db.com/exploits/46459/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.exploit-db.com/exploits/46459/
8
reference_url https://www.exploit-db.com/exploits/46510
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46510
9
reference_url https://www.exploit-db.com/exploits/46510/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.exploit-db.com/exploits/46510/
10
reference_url https://www.synology.com/security/advisory/Synology_SA_19_09
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.synology.com/security/advisory/Synology_SA_19_09
11
reference_url http://www.securityfocus.com/bid/107106
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url http://www.securityfocus.com/bid/107106
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb
reference_id CVE-2019-6340
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt
reference_id CVE-2019-6340
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py
reference_id CVE-2019-6340
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6340
reference_id CVE-2019-6340
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6340
17
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb
reference_id CVE-2019-6340
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb
18
reference_url https://www.ambionics.io/blog/drupal8-rce
reference_id CVE-2019-6340
reference_type exploit
scores
url https://www.ambionics.io/blog/drupal8-rce
19
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml
reference_id CVE-2019-6340.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml
20
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml
reference_id CVE-2019-6340.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml
21
reference_url https://github.com/advisories/GHSA-3gx6-h57h-rm27
reference_id GHSA-3gx6-h57h-rm27
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gx6-h57h-rm27
fixed_packages
0
url pkg:composer/drupal/core@8.5.11
purl pkg:composer/drupal/core@8.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3s9f-prpy-hbcx
2
vulnerability VCID-565p-mgqe-gkfc
3
vulnerability VCID-5kh7-v1uc-wfha
4
vulnerability VCID-636u-5bdw-puh4
5
vulnerability VCID-6ck5-9e5b-w3ay
6
vulnerability VCID-6m8x-cfzp-tkf4
7
vulnerability VCID-77zc-1gc8-r7b7
8
vulnerability VCID-7fs3-gwc7-nkes
9
vulnerability VCID-9ss3-mvt3-8bem
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-dgjq-y5zj-cud1
13
vulnerability VCID-djgn-ezxp-37eu
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-hgb1-xrne-e7c8
18
vulnerability VCID-hwnd-nuv7-jqbh
19
vulnerability VCID-j21d-w3g7-cbcg
20
vulnerability VCID-jctf-yffu-hbag
21
vulnerability VCID-jrb8-jnz4-83c8
22
vulnerability VCID-k1gx-nznx-7qd6
23
vulnerability VCID-kam1-84p4-qych
24
vulnerability VCID-mapb-hsvc-2khc
25
vulnerability VCID-n119-gta2-kfg1
26
vulnerability VCID-n7un-zgqv-jfef
27
vulnerability VCID-qvbt-7e55-4bg4
28
vulnerability VCID-st6v-ch5g-r7h2
29
vulnerability VCID-syrg-ckq7-cbd6
30
vulnerability VCID-u4w3-usvb-jyf6
31
vulnerability VCID-ummk-h11z-bkaj
32
vulnerability VCID-uqcw-p8g2-cfd2
33
vulnerability VCID-v9v6-ae3e-g3hk
34
vulnerability VCID-vevm-4sfk-f7gq
35
vulnerability VCID-vrdx-165p-efda
36
vulnerability VCID-w6cz-mg4v-3udj
37
vulnerability VCID-wbuz-qcp3-43aq
38
vulnerability VCID-ww44-hb2y-mfd5
39
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.11
1
url pkg:composer/drupal/core@8.6.10
purl pkg:composer/drupal/core@8.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3s9f-prpy-hbcx
2
vulnerability VCID-565p-mgqe-gkfc
3
vulnerability VCID-5kh7-v1uc-wfha
4
vulnerability VCID-636u-5bdw-puh4
5
vulnerability VCID-6ck5-9e5b-w3ay
6
vulnerability VCID-6m8x-cfzp-tkf4
7
vulnerability VCID-77zc-1gc8-r7b7
8
vulnerability VCID-7fs3-gwc7-nkes
9
vulnerability VCID-9ss3-mvt3-8bem
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-dgjq-y5zj-cud1
13
vulnerability VCID-djgn-ezxp-37eu
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-hgb1-xrne-e7c8
18
vulnerability VCID-hwnd-nuv7-jqbh
19
vulnerability VCID-j21d-w3g7-cbcg
20
vulnerability VCID-jctf-yffu-hbag
21
vulnerability VCID-jrb8-jnz4-83c8
22
vulnerability VCID-k1gx-nznx-7qd6
23
vulnerability VCID-kam1-84p4-qych
24
vulnerability VCID-mapb-hsvc-2khc
25
vulnerability VCID-n119-gta2-kfg1
26
vulnerability VCID-n7un-zgqv-jfef
27
vulnerability VCID-qvbt-7e55-4bg4
28
vulnerability VCID-st6v-ch5g-r7h2
29
vulnerability VCID-syrg-ckq7-cbd6
30
vulnerability VCID-u4w3-usvb-jyf6
31
vulnerability VCID-ummk-h11z-bkaj
32
vulnerability VCID-uqcw-p8g2-cfd2
33
vulnerability VCID-v9v6-ae3e-g3hk
34
vulnerability VCID-vevm-4sfk-f7gq
35
vulnerability VCID-vrdx-165p-efda
36
vulnerability VCID-w6cz-mg4v-3udj
37
vulnerability VCID-wbuz-qcp3-43aq
38
vulnerability VCID-ww44-hb2y-mfd5
39
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10
aliases CVE-2019-6340, GHSA-3gx6-h57h-rm27
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhj7-dy7q-jkhw
37
url VCID-rr4q-f5cv-nkah
vulnerability_id VCID-rr4q-f5cv-nkah
summary 
URL Redirection to Untrusted Site ('Open Redirect')
Anonymous Open Redirect in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases 2018-10-17-3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rr4q-f5cv-nkah
38
url VCID-st6v-ch5g-r7h2
vulnerability_id VCID-st6v-ch5g-r7h2
summary 
Drupal core Access bypass
The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.

Solution:
If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.
If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.

Alternatively, you may mitigate this vulnerability by unchecking the "Enable advanced UI" checkbox on `/admin/config/media/media-library`. (This mitigation is not available in 8.7.x.)
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-3.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-3.yaml
2
reference_url https://www.drupal.org/sa-core-2019-011
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-011
3
reference_url https://github.com/advisories/GHSA-mh4h-27gq-cxwj
reference_id GHSA-mh4h-27gq-cxwj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mh4h-27gq-cxwj
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-5618-53yg-8qh4
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-cvxp-ctj9-guej
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-nj3a-eb59-jygs
24
vulnerability VCID-qvbt-7e55-4bg4
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-5618-53yg-8qh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-9qyz-jfgb-5yfs
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-agtf-c53h-2fdx
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-cvxp-ctj9-guej
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-gbz5-5frj-hber
18
vulnerability VCID-hgb1-xrne-e7c8
19
vulnerability VCID-hwnd-nuv7-jqbh
20
vulnerability VCID-j21d-w3g7-cbcg
21
vulnerability VCID-jctf-yffu-hbag
22
vulnerability VCID-jrb8-jnz4-83c8
23
vulnerability VCID-k1gx-nznx-7qd6
24
vulnerability VCID-kam1-84p4-qych
25
vulnerability VCID-mapb-hsvc-2khc
26
vulnerability VCID-mhk6-9qdy-83f3
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-nj3a-eb59-jygs
30
vulnerability VCID-ptxz-rvbt-hqhz
31
vulnerability VCID-q4qx-7s1y-q3hc
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rdgr-yuu7-xkey
34
vulnerability VCID-rxhd-nkpr-87fm
35
vulnerability VCID-ssyn-dxp9-3kdq
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u4w3-usvb-jyf6
38
vulnerability VCID-ummk-h11z-bkaj
39
vulnerability VCID-uqcw-p8g2-cfd2
40
vulnerability VCID-v9v6-ae3e-g3hk
41
vulnerability VCID-vevm-4sfk-f7gq
42
vulnerability VCID-vrdx-165p-efda
43
vulnerability VCID-w6cz-mg4v-3udj
44
vulnerability VCID-wbuz-qcp3-43aq
45
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-mh4h-27gq-cxwj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-st6v-ch5g-r7h2
39
url VCID-syrg-ckq7-cbd6
vulnerability_id VCID-syrg-ckq7-cbd6
summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01041
published_at 2026-04-13T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01045
published_at 2026-04-11T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04724
published_at 2026-04-08T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.0469
published_at 2026-04-07T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04677
published_at 2026-04-04T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04736
published_at 2026-04-09T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04655
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-008
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/
url https://www.drupal.org/sa-core-2025-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
reference_id CVE-2025-13083
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
4
reference_url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
reference_id GHSA-mhpg-hpj5-73r2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13083, GHSA-mhpg-hpj5-73r2
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syrg-ckq7-cbd6
40
url VCID-u1xx-aazv-bkg5
vulnerability_id VCID-u1xx-aazv-bkg5
summary 
Improper Access Control
In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases 2018-10-17-5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1xx-aazv-bkg5
41
url VCID-u4w3-usvb-jyf6
vulnerability_id VCID-u4w3-usvb-jyf6
summary 
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
reference_id
reference_type
scores
0
value 0.86443
scoring_system epss
scoring_elements 0.99404
published_at 2026-04-02T12:55:00Z
1
value 0.86443
scoring_system epss
scoring_elements 0.99405
published_at 2026-04-04T12:55:00Z
2
value 0.87227
scoring_system epss
scoring_elements 0.99449
published_at 2026-04-13T12:55:00Z
3
value 0.87227
scoring_system epss
scoring_elements 0.99448
published_at 2026-04-11T12:55:00Z
4
value 0.87227
scoring_system epss
scoring_elements 0.99447
published_at 2026-04-09T12:55:00Z
5
value 0.87227
scoring_system epss
scoring_elements 0.99445
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/github/advisory-database/pull/4827
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4827
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
4
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://senscybersecurity.nl/CVE-2024-45440-Explained
5
reference_url https://www.drupal.org/project/drupal/issues/3457781
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://www.drupal.org/project/drupal/issues/3457781
6
reference_url https://www.drupal.org/project/drupal/releases/10.2.9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.2.9
7
reference_url https://www.drupal.org/project/drupal/releases/10.3.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.3.6
8
reference_url https://www.drupal.org/project/drupal/releases/11.0.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/11.0.5
9
reference_url https://www.exploit-db.com/exploits/52266
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52266
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id CVE-2024-45440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
11
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained/
reference_id CVE-2024-45440-Explained
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://senscybersecurity.nl/CVE-2024-45440-Explained/
12
reference_url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
reference_id GHSA-mg8j-w93w-xjgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
fixed_packages
0
url pkg:composer/drupal/core@10.2.9
purl pkg:composer/drupal/core@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-ed6y-c9tz-mbds
3
vulnerability VCID-g33x-1paw-7udm
4
vulnerability VCID-hgb1-xrne-e7c8
5
vulnerability VCID-hwnd-nuv7-jqbh
6
vulnerability VCID-j21d-w3g7-cbcg
7
vulnerability VCID-kam1-84p4-qych
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-syrg-ckq7-cbd6
11
vulnerability VCID-u2d4-5g3d-zqbt
12
vulnerability VCID-vevm-4sfk-f7gq
13
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9
1
url pkg:composer/drupal/core@10.3.0-beta1
purl pkg:composer/drupal/core@10.3.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1
2
url pkg:composer/drupal/core@10.3.6
purl pkg:composer/drupal/core@10.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-ed6y-c9tz-mbds
3
vulnerability VCID-g33x-1paw-7udm
4
vulnerability VCID-hgb1-xrne-e7c8
5
vulnerability VCID-hwnd-nuv7-jqbh
6
vulnerability VCID-j21d-w3g7-cbcg
7
vulnerability VCID-kam1-84p4-qych
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-syrg-ckq7-cbd6
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6
3
url pkg:composer/drupal/core@11.0.0-alpha1
purl pkg:composer/drupal/core@11.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1
4
url pkg:composer/drupal/core@11.0.5
purl pkg:composer/drupal/core@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-ed6y-c9tz-mbds
3
vulnerability VCID-g33x-1paw-7udm
4
vulnerability VCID-hgb1-xrne-e7c8
5
vulnerability VCID-hwnd-nuv7-jqbh
6
vulnerability VCID-j21d-w3g7-cbcg
7
vulnerability VCID-kam1-84p4-qych
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-syrg-ckq7-cbd6
10
vulnerability VCID-vevm-4sfk-f7gq
11
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5
aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4w3-usvb-jyf6
42
url VCID-ummk-h11z-bkaj
vulnerability_id VCID-ummk-h11z-bkaj
summary 
Twig may load a template outside a configured directory when using the filesystem loader
# Description

When using the filesystem loader to load templates for which the name is a user input, it is possible to use the `source` or `include` statement to read arbitrary files from outside the templates directory when using a namespace like `@somewhere/../some.file` (in such a case, validation is bypassed).

# Resolution

We fixed validation for such template names.

Even if the 1.x branch is not maintained anymore, a new version has been released.

# Credits

We would like to thank Dariusz Tytko for reporting the issue and Fabien Potencier for fixing the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
reference_id
reference_type
scores
0
value 0.09505
scoring_system epss
scoring_elements 0.92827
published_at 2026-04-08T12:55:00Z
1
value 0.09505
scoring_system epss
scoring_elements 0.92815
published_at 2026-04-02T12:55:00Z
2
value 0.09505
scoring_system epss
scoring_elements 0.92835
published_at 2026-04-13T12:55:00Z
3
value 0.09505
scoring_system epss
scoring_elements 0.92831
published_at 2026-04-09T12:55:00Z
4
value 0.09505
scoring_system epss
scoring_elements 0.9282
published_at 2026-04-04T12:55:00Z
5
value 0.09505
scoring_system epss
scoring_elements 0.92818
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
3
reference_url https://github.com/twigphp/Twig
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twigphp/Twig
4
reference_url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
5
reference_url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
6
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
20
reference_url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
21
reference_url https://www.debian.org/security/2022/dsa-5248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.debian.org/security/2022/dsa-5248
22
reference_url https://www.drupal.org/sa-core-2022-016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.drupal.org/sa-core-2022-016
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
reference_id 1020991
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id 2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
26
reference_url https://github.com/advisories/GHSA-52m2-vc4m-jj33
reference_id GHSA-52m2-vc4m-jj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52m2-vc4m-jj33
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
29
reference_url https://usn.ubuntu.com/5947-1/
reference_id USN-5947-1
reference_type
scores
url https://usn.ubuntu.com/5947-1/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
fixed_packages
0
url pkg:composer/drupal/core@9.3.22
purl pkg:composer/drupal/core@9.3.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.22
1
url pkg:composer/drupal/core@9.4.0-alpha1
purl pkg:composer/drupal/core@9.4.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1
2
url pkg:composer/drupal/core@9.4.7
purl pkg:composer/drupal/core@9.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-bk92-66re-dkc5
4
vulnerability VCID-ed6y-c9tz-mbds
5
vulnerability VCID-g33x-1paw-7udm
6
vulnerability VCID-hgb1-xrne-e7c8
7
vulnerability VCID-hwnd-nuv7-jqbh
8
vulnerability VCID-j21d-w3g7-cbcg
9
vulnerability VCID-jctf-yffu-hbag
10
vulnerability VCID-kam1-84p4-qych
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-syrg-ckq7-cbd6
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.7
3
url pkg:composer/drupal/core@9.5.0-beta1
purl pkg:composer/drupal/core@9.5.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-ed6y-c9tz-mbds
4
vulnerability VCID-g33x-1paw-7udm
5
vulnerability VCID-hgb1-xrne-e7c8
6
vulnerability VCID-hwnd-nuv7-jqbh
7
vulnerability VCID-j21d-w3g7-cbcg
8
vulnerability VCID-jctf-yffu-hbag
9
vulnerability VCID-kam1-84p4-qych
10
vulnerability VCID-q4qx-7s1y-q3hc
11
vulnerability VCID-rdgr-yuu7-xkey
12
vulnerability VCID-syrg-ckq7-cbd6
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-vevm-4sfk-f7gq
15
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1
aliases CVE-2022-39261, GHSA-52m2-vc4m-jj33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ummk-h11z-bkaj
43
url VCID-uqcw-p8g2-cfd2
vulnerability_id VCID-uqcw-p8g2-cfd2
summary 
Exposure of Resource to Wrong Sphere
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62226
published_at 2026-04-01T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62313
published_at 2026-04-04T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62283
published_at 2026-04-02T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62334
published_at 2026-04-13T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62355
published_at 2026-04-12T12:55:00Z
5
value 0.00427
scoring_system epss
scoring_elements 0.62366
published_at 2026-04-11T12:55:00Z
6
value 0.00427
scoring_system epss
scoring_elements 0.62346
published_at 2026-04-09T12:55:00Z
7
value 0.00427
scoring_system epss
scoring_elements 0.62329
published_at 2026-04-08T12:55:00Z
8
value 0.00427
scoring_system epss
scoring_elements 0.62279
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
3
reference_url https://www.drupal.org/sa-core-2020-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-011
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
reference_id CVE-2020-13670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
7
reference_url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
reference_id GHSA-mmjr-5q74-p3m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-gbz5-5frj-hber
14
vulnerability VCID-hgb1-xrne-e7c8
15
vulnerability VCID-hwnd-nuv7-jqbh
16
vulnerability VCID-j21d-w3g7-cbcg
17
vulnerability VCID-jctf-yffu-hbag
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-q4qx-7s1y-q3hc
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-rdgr-yuu7-xkey
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-v9v6-ae3e-g3hk
29
vulnerability VCID-vevm-4sfk-f7gq
30
vulnerability VCID-vrdx-165p-efda
31
vulnerability VCID-w6cz-mg4v-3udj
32
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-gbz5-5frj-hber
14
vulnerability VCID-hgb1-xrne-e7c8
15
vulnerability VCID-hwnd-nuv7-jqbh
16
vulnerability VCID-j21d-w3g7-cbcg
17
vulnerability VCID-jctf-yffu-hbag
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-kc7d-5k6x-77bp
21
vulnerability VCID-mapb-hsvc-2khc
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-q4qx-7s1y-q3hc
24
vulnerability VCID-qvbt-7e55-4bg4
25
vulnerability VCID-rdgr-yuu7-xkey
26
vulnerability VCID-syrg-ckq7-cbd6
27
vulnerability VCID-u4w3-usvb-jyf6
28
vulnerability VCID-ummk-h11z-bkaj
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-gbz5-5frj-hber
12
vulnerability VCID-hgb1-xrne-e7c8
13
vulnerability VCID-hwnd-nuv7-jqbh
14
vulnerability VCID-j21d-w3g7-cbcg
15
vulnerability VCID-jctf-yffu-hbag
16
vulnerability VCID-k1gx-nznx-7qd6
17
vulnerability VCID-kam1-84p4-qych
18
vulnerability VCID-kc7d-5k6x-77bp
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n7un-zgqv-jfef
21
vulnerability VCID-q4qx-7s1y-q3hc
22
vulnerability VCID-rdgr-yuu7-xkey
23
vulnerability VCID-syrg-ckq7-cbd6
24
vulnerability VCID-u4w3-usvb-jyf6
25
vulnerability VCID-ummk-h11z-bkaj
26
vulnerability VCID-v9v6-ae3e-g3hk
27
vulnerability VCID-vevm-4sfk-f7gq
28
vulnerability VCID-vrdx-165p-efda
29
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13670, GHSA-mmjr-5q74-p3m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqcw-p8g2-cfd2
44
url VCID-v9v6-ae3e-g3hk
vulnerability_id VCID-v9v6-ae3e-g3hk
summary 
Deserialization of Untrusted Data in Archive_Tar
Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
reference_id
reference_type
scores
0
value 0.76218
scoring_system epss
scoring_elements 0.98927
published_at 2026-04-13T12:55:00Z
1
value 0.76218
scoring_system epss
scoring_elements 0.98926
published_at 2026-04-12T12:55:00Z
2
value 0.76218
scoring_system epss
scoring_elements 0.98925
published_at 2026-04-11T12:55:00Z
3
value 0.76218
scoring_system epss
scoring_elements 0.98917
published_at 2026-04-02T12:55:00Z
4
value 0.76218
scoring_system epss
scoring_elements 0.98924
published_at 2026-04-08T12:55:00Z
5
value 0.76218
scoring_system epss
scoring_elements 0.98922
published_at 2026-04-07T12:55:00Z
6
value 0.76218
scoring_system epss
scoring_elements 0.9892
published_at 2026-04-04T12:55:00Z
7
value 0.76218
scoring_system epss
scoring_elements 0.98923
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
6
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/33
7
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
21
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-23
22
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4817
23
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id 1904001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
26
reference_url https://github.com/advisories/GHSA-jh5x-hfhg-78jq
reference_id GHSA-jh5x-hfhg-78jq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh5x-hfhg-78jq
27
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
28
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
29
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
30
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
31
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
32
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bkxp-gn34-67av
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-ed6y-c9tz-mbds
9
vulnerability VCID-fwbj-ctxz-2bc6
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-k1gx-nznx-7qd6
16
vulnerability VCID-kam1-84p4-qych
17
vulnerability VCID-kc7d-5k6x-77bp
18
vulnerability VCID-mapb-hsvc-2khc
19
vulnerability VCID-n7un-zgqv-jfef
20
vulnerability VCID-q4qx-7s1y-q3hc
21
vulnerability VCID-qvbt-7e55-4bg4
22
vulnerability VCID-rdgr-yuu7-xkey
23
vulnerability VCID-syrg-ckq7-cbd6
24
vulnerability VCID-u4w3-usvb-jyf6
25
vulnerability VCID-ummk-h11z-bkaj
26
vulnerability VCID-vevm-4sfk-f7gq
27
vulnerability VCID-vrdx-165p-efda
28
vulnerability VCID-w6cz-mg4v-3udj
29
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
1
url pkg:composer/drupal/core@9.0.0-alpha1
purl pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-ed6y-c9tz-mbds
7
vulnerability VCID-g33x-1paw-7udm
8
vulnerability VCID-hgb1-xrne-e7c8
9
vulnerability VCID-hwnd-nuv7-jqbh
10
vulnerability VCID-j21d-w3g7-cbcg
11
vulnerability VCID-jctf-yffu-hbag
12
vulnerability VCID-kam1-84p4-qych
13
vulnerability VCID-mapb-hsvc-2khc
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-q4qx-7s1y-q3hc
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-syrg-ckq7-cbd6
18
vulnerability VCID-u4w3-usvb-jyf6
19
vulnerability VCID-ummk-h11z-bkaj
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-vrdx-165p-efda
22
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-k1gx-nznx-7qd6
14
vulnerability VCID-kam1-84p4-qych
15
vulnerability VCID-kc7d-5k6x-77bp
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
25
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
3
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
23
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9v6-ae3e-g3hk
45
url VCID-vevm-4sfk-f7gq
vulnerability_id VCID-vevm-4sfk-f7gq
summary 
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
reference_id
reference_type
scores
0
value 0.00848
scoring_system epss
scoring_elements 0.74805
published_at 2026-04-02T12:55:00Z
1
value 0.00848
scoring_system epss
scoring_elements 0.74846
published_at 2026-04-13T12:55:00Z
2
value 0.00848
scoring_system epss
scoring_elements 0.74856
published_at 2026-04-12T12:55:00Z
3
value 0.00848
scoring_system epss
scoring_elements 0.74877
published_at 2026-04-11T12:55:00Z
4
value 0.00848
scoring_system epss
scoring_elements 0.74853
published_at 2026-04-09T12:55:00Z
5
value 0.00848
scoring_system epss
scoring_elements 0.74806
published_at 2026-04-07T12:55:00Z
6
value 0.00848
scoring_system epss
scoring_elements 0.74833
published_at 2026-04-04T12:55:00Z
7
value 0.00848
scoring_system epss
scoring_elements 0.74839
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
4
reference_url https://www.drupal.org/sa-core-2024-004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/
url https://www.drupal.org/sa-core-2024-004
5
reference_url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
reference_id GHSA-7cwc-fjqm-8vh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vevm-4sfk-f7gq
46
url VCID-vrdx-165p-efda
vulnerability_id VCID-vrdx-165p-efda
summary 
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61074
published_at 2026-04-13T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61028
published_at 2026-04-02T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61056
published_at 2026-04-04T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61022
published_at 2026-04-07T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.6107
published_at 2026-04-08T12:55:00Z
5
value 0.00406
scoring_system epss
scoring_elements 0.61086
published_at 2026-04-09T12:55:00Z
6
value 0.00406
scoring_system epss
scoring_elements 0.61107
published_at 2026-04-11T12:55:00Z
7
value 0.00406
scoring_system epss
scoring_elements 0.61093
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
3
reference_url https://www.drupal.org/sa-core-2025-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/
url https://www.drupal.org/sa-core-2025-001
4
reference_url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
reference_id GHSA-39g6-x4x8-5jcm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-3057, GHSA-39g6-x4x8-5jcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrdx-165p-efda
47
url VCID-w6cz-mg4v-3udj
vulnerability_id VCID-w6cz-mg4v-3udj
summary 
Drupal core access bypass vulnerability
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41888
published_at 2026-04-13T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41832
published_at 2026-04-01T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41898
published_at 2026-04-02T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41926
published_at 2026-04-04T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41853
published_at 2026-04-07T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41903
published_at 2026-04-08T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41913
published_at 2026-04-09T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41937
published_at 2026-04-11T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41902
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
3
reference_url https://www.drupal.org/sa-core-2021-010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-010
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
reference_id CVE-2020-13677
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
6
reference_url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
reference_id GHSA-3xr3-phjp-g6p2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-ed6y-c9tz-mbds
7
vulnerability VCID-g33x-1paw-7udm
8
vulnerability VCID-hgb1-xrne-e7c8
9
vulnerability VCID-hwnd-nuv7-jqbh
10
vulnerability VCID-j21d-w3g7-cbcg
11
vulnerability VCID-jctf-yffu-hbag
12
vulnerability VCID-kam1-84p4-qych
13
vulnerability VCID-mapb-hsvc-2khc
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-q4qx-7s1y-q3hc
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-syrg-ckq7-cbd6
18
vulnerability VCID-u4w3-usvb-jyf6
19
vulnerability VCID-ummk-h11z-bkaj
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-vrdx-165p-efda
22
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-bk92-66re-dkc5
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-ed6y-c9tz-mbds
8
vulnerability VCID-g33x-1paw-7udm
9
vulnerability VCID-hgb1-xrne-e7c8
10
vulnerability VCID-hwnd-nuv7-jqbh
11
vulnerability VCID-j21d-w3g7-cbcg
12
vulnerability VCID-jctf-yffu-hbag
13
vulnerability VCID-kam1-84p4-qych
14
vulnerability VCID-mapb-hsvc-2khc
15
vulnerability VCID-n7un-zgqv-jfef
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-rdgr-yuu7-xkey
18
vulnerability VCID-syrg-ckq7-cbd6
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-ummk-h11z-bkaj
21
vulnerability VCID-vevm-4sfk-f7gq
22
vulnerability VCID-vrdx-165p-efda
23
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-b4yh-gyrx-3yhh
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-kam1-84p4-qych
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
25
vulnerability VCID-wbuz-qcp3-43aq
26
vulnerability VCID-zw3u-6ue7-efdf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13677, GHSA-3xr3-phjp-g6p2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6cz-mg4v-3udj
48
url VCID-wabj-ty5p-pfd6
vulnerability_id VCID-wabj-ty5p-pfd6
summary 
Drupal core Remote Code Execution
In Drupal core, when sending email some variables were not being sanitized for shell arguments in `DefaultMailSystem::mail()`, which could lead to remote code execution.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-4.yaml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-4.yaml
2
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-006
3
reference_url https://github.com/advisories/GHSA-6mgp-v5cm-ghg5
reference_id GHSA-6mgp-v5cm-ghg5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mgp-v5cm-ghg5
fixed_packages
0
url pkg:composer/drupal/core@8.5.8
purl pkg:composer/drupal/core@8.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-djgn-ezxp-37eu
17
vulnerability VCID-ed6y-c9tz-mbds
18
vulnerability VCID-fwbj-ctxz-2bc6
19
vulnerability VCID-g33x-1paw-7udm
20
vulnerability VCID-gzcu-sbks-wyfa
21
vulnerability VCID-hgb1-xrne-e7c8
22
vulnerability VCID-hwnd-nuv7-jqbh
23
vulnerability VCID-j21d-w3g7-cbcg
24
vulnerability VCID-jctf-yffu-hbag
25
vulnerability VCID-jrb8-jnz4-83c8
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kam1-84p4-qych
28
vulnerability VCID-mapb-hsvc-2khc
29
vulnerability VCID-n119-gta2-kfg1
30
vulnerability VCID-n7un-zgqv-jfef
31
vulnerability VCID-nd8n-5dsu-2fbp
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rhj7-dy7q-jkhw
34
vulnerability VCID-rr4q-f5cv-nkah
35
vulnerability VCID-st6v-ch5g-r7h2
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u1xx-aazv-bkg5
38
vulnerability VCID-u4w3-usvb-jyf6
39
vulnerability VCID-ummk-h11z-bkaj
40
vulnerability VCID-uqcw-p8g2-cfd2
41
vulnerability VCID-v9v6-ae3e-g3hk
42
vulnerability VCID-vevm-4sfk-f7gq
43
vulnerability VCID-vrdx-165p-efda
44
vulnerability VCID-w6cz-mg4v-3udj
45
vulnerability VCID-wbuz-qcp3-43aq
46
vulnerability VCID-ww44-hb2y-mfd5
47
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.8
1
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GHSA-6mgp-v5cm-ghg5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wabj-ty5p-pfd6
49
url VCID-wbuz-qcp3-43aq
vulnerability_id VCID-wbuz-qcp3-43aq
summary 
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
reference_id
reference_type
scores
0
value 0.00933
scoring_system epss
scoring_elements 0.76084
published_at 2026-04-02T12:55:00Z
1
value 0.00933
scoring_system epss
scoring_elements 0.7614
published_at 2026-04-13T12:55:00Z
2
value 0.00933
scoring_system epss
scoring_elements 0.76143
published_at 2026-04-12T12:55:00Z
3
value 0.00933
scoring_system epss
scoring_elements 0.76167
published_at 2026-04-11T12:55:00Z
4
value 0.00933
scoring_system epss
scoring_elements 0.76142
published_at 2026-04-09T12:55:00Z
5
value 0.00933
scoring_system epss
scoring_elements 0.76128
published_at 2026-04-08T12:55:00Z
6
value 0.00933
scoring_system epss
scoring_elements 0.76095
published_at 2026-04-07T12:55:00Z
7
value 0.00933
scoring_system epss
scoring_elements 0.76116
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
3
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
4
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
5
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
6
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://www.drupal.org/sa-core-2022-006
7
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id 1008236
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
10
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
11
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
12
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
fixed_packages
0
url pkg:composer/drupal/core@9.2.16
purl pkg:composer/drupal/core@9.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-bk92-66re-dkc5
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-ed6y-c9tz-mbds
9
vulnerability VCID-g33x-1paw-7udm
10
vulnerability VCID-hgb1-xrne-e7c8
11
vulnerability VCID-hwnd-nuv7-jqbh
12
vulnerability VCID-j21d-w3g7-cbcg
13
vulnerability VCID-jctf-yffu-hbag
14
vulnerability VCID-kam1-84p4-qych
15
vulnerability VCID-mapb-hsvc-2khc
16
vulnerability VCID-n7un-zgqv-jfef
17
vulnerability VCID-q4qx-7s1y-q3hc
18
vulnerability VCID-rdgr-yuu7-xkey
19
vulnerability VCID-syrg-ckq7-cbd6
20
vulnerability VCID-u4w3-usvb-jyf6
21
vulnerability VCID-ummk-h11z-bkaj
22
vulnerability VCID-vevm-4sfk-f7gq
23
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16
1
url pkg:composer/drupal/core@9.3.0-alpha1
purl pkg:composer/drupal/core@9.3.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bk92-66re-dkc5
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-ed6y-c9tz-mbds
7
vulnerability VCID-g33x-1paw-7udm
8
vulnerability VCID-hgb1-xrne-e7c8
9
vulnerability VCID-hwnd-nuv7-jqbh
10
vulnerability VCID-j21d-w3g7-cbcg
11
vulnerability VCID-jctf-yffu-hbag
12
vulnerability VCID-kam1-84p4-qych
13
vulnerability VCID-mapb-hsvc-2khc
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-q4qx-7s1y-q3hc
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-syrg-ckq7-cbd6
18
vulnerability VCID-u4w3-usvb-jyf6
19
vulnerability VCID-ummk-h11z-bkaj
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1
2
url pkg:composer/drupal/core@9.3.9
purl pkg:composer/drupal/core@9.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-1qgc-gjdn-9fhk
3
vulnerability VCID-2s8m-ujzb-skd1
4
vulnerability VCID-674z-nf4t-b7ez
5
vulnerability VCID-6ck5-9e5b-w3ay
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-hgb1-xrne-e7c8
12
vulnerability VCID-hwnd-nuv7-jqbh
13
vulnerability VCID-j21d-w3g7-cbcg
14
vulnerability VCID-jctf-yffu-hbag
15
vulnerability VCID-kam1-84p4-qych
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n7un-zgqv-jfef
18
vulnerability VCID-q4qx-7s1y-q3hc
19
vulnerability VCID-rdgr-yuu7-xkey
20
vulnerability VCID-syrg-ckq7-cbd6
21
vulnerability VCID-u4w3-usvb-jyf6
22
vulnerability VCID-ummk-h11z-bkaj
23
vulnerability VCID-vevm-4sfk-f7gq
24
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9
3
url pkg:composer/drupal/core@10.0.0-alpha1
purl pkg:composer/drupal/core@10.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-ed6y-c9tz-mbds
3
vulnerability VCID-g33x-1paw-7udm
4
vulnerability VCID-hgb1-xrne-e7c8
5
vulnerability VCID-hwnd-nuv7-jqbh
6
vulnerability VCID-j21d-w3g7-cbcg
7
vulnerability VCID-jctf-yffu-hbag
8
vulnerability VCID-kam1-84p4-qych
9
vulnerability VCID-q4qx-7s1y-q3hc
10
vulnerability VCID-rdgr-yuu7-xkey
11
vulnerability VCID-syrg-ckq7-cbd6
12
vulnerability VCID-u4w3-usvb-jyf6
13
vulnerability VCID-vevm-4sfk-f7gq
14
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbuz-qcp3-43aq
50
url VCID-ww44-hb2y-mfd5
vulnerability_id VCID-ww44-hb2y-mfd5
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44824
published_at 2026-04-01T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.44927
published_at 2026-04-04T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.44907
published_at 2026-04-02T12:55:00Z
3
value 0.00223
scoring_system epss
scoring_elements 0.44913
published_at 2026-04-13T12:55:00Z
4
value 0.00223
scoring_system epss
scoring_elements 0.44911
published_at 2026-04-12T12:55:00Z
5
value 0.00223
scoring_system epss
scoring_elements 0.44943
published_at 2026-04-11T12:55:00Z
6
value 0.00223
scoring_system epss
scoring_elements 0.44922
published_at 2026-04-09T12:55:00Z
7
value 0.00223
scoring_system epss
scoring_elements 0.4492
published_at 2026-04-08T12:55:00Z
8
value 0.00223
scoring_system epss
scoring_elements 0.44868
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
3
reference_url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
4
reference_url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
5
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
reference_id CVE-2020-13668
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
9
reference_url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
reference_id GHSA-m6q5-wv4x-fv6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-gbz5-5frj-hber
14
vulnerability VCID-hgb1-xrne-e7c8
15
vulnerability VCID-hwnd-nuv7-jqbh
16
vulnerability VCID-j21d-w3g7-cbcg
17
vulnerability VCID-jctf-yffu-hbag
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-q4qx-7s1y-q3hc
23
vulnerability VCID-qvbt-7e55-4bg4
24
vulnerability VCID-rdgr-yuu7-xkey
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-v9v6-ae3e-g3hk
29
vulnerability VCID-vevm-4sfk-f7gq
30
vulnerability VCID-vrdx-165p-efda
31
vulnerability VCID-w6cz-mg4v-3udj
32
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-77zc-1gc8-r7b7
6
vulnerability VCID-9ss3-mvt3-8bem
7
vulnerability VCID-bbzr-hbhv-yyee
8
vulnerability VCID-bkxp-gn34-67av
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-gbz5-5frj-hber
14
vulnerability VCID-hgb1-xrne-e7c8
15
vulnerability VCID-hwnd-nuv7-jqbh
16
vulnerability VCID-j21d-w3g7-cbcg
17
vulnerability VCID-jctf-yffu-hbag
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-kc7d-5k6x-77bp
21
vulnerability VCID-mapb-hsvc-2khc
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-q4qx-7s1y-q3hc
24
vulnerability VCID-qvbt-7e55-4bg4
25
vulnerability VCID-rdgr-yuu7-xkey
26
vulnerability VCID-syrg-ckq7-cbd6
27
vulnerability VCID-u4w3-usvb-jyf6
28
vulnerability VCID-ummk-h11z-bkaj
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bk92-66re-dkc5
8
vulnerability VCID-dgjq-y5zj-cud1
9
vulnerability VCID-ed6y-c9tz-mbds
10
vulnerability VCID-g33x-1paw-7udm
11
vulnerability VCID-gbz5-5frj-hber
12
vulnerability VCID-hgb1-xrne-e7c8
13
vulnerability VCID-hwnd-nuv7-jqbh
14
vulnerability VCID-j21d-w3g7-cbcg
15
vulnerability VCID-jctf-yffu-hbag
16
vulnerability VCID-k1gx-nznx-7qd6
17
vulnerability VCID-kam1-84p4-qych
18
vulnerability VCID-kc7d-5k6x-77bp
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n7un-zgqv-jfef
21
vulnerability VCID-q4qx-7s1y-q3hc
22
vulnerability VCID-rdgr-yuu7-xkey
23
vulnerability VCID-syrg-ckq7-cbd6
24
vulnerability VCID-u4w3-usvb-jyf6
25
vulnerability VCID-ummk-h11z-bkaj
26
vulnerability VCID-v9v6-ae3e-g3hk
27
vulnerability VCID-vevm-4sfk-f7gq
28
vulnerability VCID-vrdx-165p-efda
29
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww44-hb2y-mfd5
51
url VCID-wzgs-fr3u-cbdn
vulnerability_id VCID-wzgs-fr3u-cbdn
summary 
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library [Archive_Tar](https://pear.php.net/package/Archive_Tar/), which has released a security improvement that is needed to protect some Drupal configurations.

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.

The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-4.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-4.yaml
2
reference_url https://www.drupal.org/sa-core-2019-012
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-012
3
reference_url https://github.com/advisories/GHSA-98h9-727m-44qv
reference_id GHSA-98h9-727m-44qv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98h9-727m-44qv
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-5618-53yg-8qh4
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-77zc-1gc8-r7b7
5
vulnerability VCID-9ss3-mvt3-8bem
6
vulnerability VCID-bbzr-hbhv-yyee
7
vulnerability VCID-bkxp-gn34-67av
8
vulnerability VCID-cvxp-ctj9-guej
9
vulnerability VCID-dgjq-y5zj-cud1
10
vulnerability VCID-ed6y-c9tz-mbds
11
vulnerability VCID-fwbj-ctxz-2bc6
12
vulnerability VCID-g33x-1paw-7udm
13
vulnerability VCID-hgb1-xrne-e7c8
14
vulnerability VCID-hwnd-nuv7-jqbh
15
vulnerability VCID-j21d-w3g7-cbcg
16
vulnerability VCID-jctf-yffu-hbag
17
vulnerability VCID-jrb8-jnz4-83c8
18
vulnerability VCID-k1gx-nznx-7qd6
19
vulnerability VCID-kam1-84p4-qych
20
vulnerability VCID-mapb-hsvc-2khc
21
vulnerability VCID-n119-gta2-kfg1
22
vulnerability VCID-n7un-zgqv-jfef
23
vulnerability VCID-nj3a-eb59-jygs
24
vulnerability VCID-qvbt-7e55-4bg4
25
vulnerability VCID-syrg-ckq7-cbd6
26
vulnerability VCID-u4w3-usvb-jyf6
27
vulnerability VCID-ummk-h11z-bkaj
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-v9v6-ae3e-g3hk
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vrdx-165p-efda
32
vulnerability VCID-w6cz-mg4v-3udj
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16ns-uqh5-d3gh
1
vulnerability VCID-1nf6-3q5b-gqfm
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-5618-53yg-8qh4
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-6m8x-cfzp-tkf4
6
vulnerability VCID-77zc-1gc8-r7b7
7
vulnerability VCID-9qyz-jfgb-5yfs
8
vulnerability VCID-9ss3-mvt3-8bem
9
vulnerability VCID-agtf-c53h-2fdx
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-bkxp-gn34-67av
12
vulnerability VCID-cvxp-ctj9-guej
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ed6y-c9tz-mbds
15
vulnerability VCID-fwbj-ctxz-2bc6
16
vulnerability VCID-g33x-1paw-7udm
17
vulnerability VCID-gbz5-5frj-hber
18
vulnerability VCID-hgb1-xrne-e7c8
19
vulnerability VCID-hwnd-nuv7-jqbh
20
vulnerability VCID-j21d-w3g7-cbcg
21
vulnerability VCID-jctf-yffu-hbag
22
vulnerability VCID-jrb8-jnz4-83c8
23
vulnerability VCID-k1gx-nznx-7qd6
24
vulnerability VCID-kam1-84p4-qych
25
vulnerability VCID-mapb-hsvc-2khc
26
vulnerability VCID-mhk6-9qdy-83f3
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-nj3a-eb59-jygs
30
vulnerability VCID-ptxz-rvbt-hqhz
31
vulnerability VCID-q4qx-7s1y-q3hc
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rdgr-yuu7-xkey
34
vulnerability VCID-rxhd-nkpr-87fm
35
vulnerability VCID-ssyn-dxp9-3kdq
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u4w3-usvb-jyf6
38
vulnerability VCID-ummk-h11z-bkaj
39
vulnerability VCID-uqcw-p8g2-cfd2
40
vulnerability VCID-v9v6-ae3e-g3hk
41
vulnerability VCID-vevm-4sfk-f7gq
42
vulnerability VCID-vrdx-165p-efda
43
vulnerability VCID-w6cz-mg4v-3udj
44
vulnerability VCID-wbuz-qcp3-43aq
45
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-98h9-727m-44qv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzgs-fr3u-cbdn
52
url VCID-x2as-f9fx-9kff
vulnerability_id VCID-x2as-f9fx-9kff
summary 
Drupal Anonymous Open Redirect
Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-3.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-3.yaml
2
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-006
3
reference_url https://github.com/advisories/GHSA-gfvf-2f25-f34r
reference_id GHSA-gfvf-2f25-f34r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfvf-2f25-f34r
fixed_packages
0
url pkg:composer/drupal/core@8.5.8
purl pkg:composer/drupal/core@8.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-djgn-ezxp-37eu
17
vulnerability VCID-ed6y-c9tz-mbds
18
vulnerability VCID-fwbj-ctxz-2bc6
19
vulnerability VCID-g33x-1paw-7udm
20
vulnerability VCID-gzcu-sbks-wyfa
21
vulnerability VCID-hgb1-xrne-e7c8
22
vulnerability VCID-hwnd-nuv7-jqbh
23
vulnerability VCID-j21d-w3g7-cbcg
24
vulnerability VCID-jctf-yffu-hbag
25
vulnerability VCID-jrb8-jnz4-83c8
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kam1-84p4-qych
28
vulnerability VCID-mapb-hsvc-2khc
29
vulnerability VCID-n119-gta2-kfg1
30
vulnerability VCID-n7un-zgqv-jfef
31
vulnerability VCID-nd8n-5dsu-2fbp
32
vulnerability VCID-qvbt-7e55-4bg4
33
vulnerability VCID-rhj7-dy7q-jkhw
34
vulnerability VCID-rr4q-f5cv-nkah
35
vulnerability VCID-st6v-ch5g-r7h2
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u1xx-aazv-bkg5
38
vulnerability VCID-u4w3-usvb-jyf6
39
vulnerability VCID-ummk-h11z-bkaj
40
vulnerability VCID-uqcw-p8g2-cfd2
41
vulnerability VCID-v9v6-ae3e-g3hk
42
vulnerability VCID-vevm-4sfk-f7gq
43
vulnerability VCID-vrdx-165p-efda
44
vulnerability VCID-w6cz-mg4v-3udj
45
vulnerability VCID-wbuz-qcp3-43aq
46
vulnerability VCID-ww44-hb2y-mfd5
47
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.8
1
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5kh7-v1uc-wfha
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-77zc-1gc8-r7b7
9
vulnerability VCID-7fs3-gwc7-nkes
10
vulnerability VCID-9ss3-mvt3-8bem
11
vulnerability VCID-bbzr-hbhv-yyee
12
vulnerability VCID-bkxp-gn34-67av
13
vulnerability VCID-cucx-jfqf-pkd1
14
vulnerability VCID-dgjq-y5zj-cud1
15
vulnerability VCID-djgn-ezxp-37eu
16
vulnerability VCID-ed6y-c9tz-mbds
17
vulnerability VCID-fwbj-ctxz-2bc6
18
vulnerability VCID-g33x-1paw-7udm
19
vulnerability VCID-hgb1-xrne-e7c8
20
vulnerability VCID-hwnd-nuv7-jqbh
21
vulnerability VCID-j21d-w3g7-cbcg
22
vulnerability VCID-jctf-yffu-hbag
23
vulnerability VCID-jrb8-jnz4-83c8
24
vulnerability VCID-k1gx-nznx-7qd6
25
vulnerability VCID-kam1-84p4-qych
26
vulnerability VCID-mapb-hsvc-2khc
27
vulnerability VCID-n119-gta2-kfg1
28
vulnerability VCID-n7un-zgqv-jfef
29
vulnerability VCID-qvbt-7e55-4bg4
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-st6v-ch5g-r7h2
32
vulnerability VCID-syrg-ckq7-cbd6
33
vulnerability VCID-u4w3-usvb-jyf6
34
vulnerability VCID-ummk-h11z-bkaj
35
vulnerability VCID-uqcw-p8g2-cfd2
36
vulnerability VCID-v9v6-ae3e-g3hk
37
vulnerability VCID-vevm-4sfk-f7gq
38
vulnerability VCID-vrdx-165p-efda
39
vulnerability VCID-w6cz-mg4v-3udj
40
vulnerability VCID-wbuz-qcp3-43aq
41
vulnerability VCID-ww44-hb2y-mfd5
42
vulnerability VCID-wzgs-fr3u-cbdn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GHSA-gfvf-2f25-f34r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2as-f9fx-9kff
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.4