Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/drupal@8.7.8
Typecomposer
Namespacedrupal
Namedrupal
Version8.7.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.2.11
Latest_non_vulnerable_version11.0.8
Affected_by_vulnerabilities
0
url VCID-5618-53yg-8qh4
vulnerability_id VCID-5618-53yg-8qh4
summary 
Potential XSS vulnerability in jQuery
### Impact
Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.

### Patches
This problem is patched in jQuery 3.5.0.

### Workarounds
To workaround the issue without upgrading, adding the following to your code:

```js
jQuery.htmlPrefilter = function( html ) {
	return html;
};
```

You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround.

### References
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://jquery.com/upgrade-guide/3.5/

### For more information
If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
3
reference_url http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11022
reference_id
reference_type
scores
0
value 0.02136
scoring_system epss
scoring_elements 0.84198
published_at 2026-04-12T12:55:00Z
1
value 0.02136
scoring_system epss
scoring_elements 0.84185
published_at 2026-04-09T12:55:00Z
2
value 0.02136
scoring_system epss
scoring_elements 0.84179
published_at 2026-04-08T12:55:00Z
3
value 0.02136
scoring_system epss
scoring_elements 0.84157
published_at 2026-04-07T12:55:00Z
4
value 0.02136
scoring_system epss
scoring_elements 0.84155
published_at 2026-04-04T12:55:00Z
5
value 0.02136
scoring_system epss
scoring_elements 0.84203
published_at 2026-04-11T12:55:00Z
6
value 0.02136
scoring_system epss
scoring_elements 0.84194
published_at 2026-04-13T12:55:00Z
7
value 0.03251
scoring_system epss
scoring_elements 0.87068
published_at 2026-04-01T12:55:00Z
8
value 0.03251
scoring_system epss
scoring_elements 0.87079
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11022
6
reference_url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
7
reference_url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
reference_id
reference_type
scores
url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662
11
reference_url http://security.netapp.com/advisory/ntap-20200511-0006
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.netapp.com/advisory/ntap-20200511-0006
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://github.com/advisories/GHSA-gxr4-xjj5-5px2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gxr4-xjj5-5px2
14
reference_url https://github.com/jquery/jquery
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery
15
reference_url https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
16
reference_url https://github.com/jquery/jquery/releases/tag/3.5.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery/releases/tag/3.5.0
17
reference_url https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3
scoring_elements
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
18
reference_url https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
19
reference_url https://github.com/maximebf/php-debugbar/issues/447
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/maximebf/php-debugbar/issues/447
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml
21
reference_url https://jquery.com/upgrade-guide/3.5
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jquery.com/upgrade-guide/3.5
22
reference_url https://jquery.com/upgrade-guide/3.5/
reference_id
reference_type
scores
url https://jquery.com/upgrade-guide/3.5/
23
reference_url https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
34
reference_url https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
35
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W
41
reference_url https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
42
reference_url https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
43
reference_url https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11022
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11022
45
reference_url https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
46
reference_url https://security.gentoo.org/glsa/202007-03
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202007-03
47
reference_url https://security.netapp.com/advisory/ntap-20200511-0006
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200511-0006
48
reference_url https://www.debian.org/security/2020/dsa-4693
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4693
49
reference_url https://www.drupal.org/sa-core-2020-002
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-002
50
reference_url https://www.npmjs.com/advisories/1518
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1518
51
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
52
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
53
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
54
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
55
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
56
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
57
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
58
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
59
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
60
reference_url https://www.tenable.com/security/tns-2020-10
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2020-10
61
reference_url https://www.tenable.com/security/tns-2020-11
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2020-11
62
reference_url https://www.tenable.com/security/tns-2021-02
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2021-02
63
reference_url https://www.tenable.com/security/tns-2021-10
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2021-10
64
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1828406
reference_id 1828406
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1828406
65
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt
reference_id CVE-2020-11022
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt
66
reference_url https://access.redhat.com/errata/RHSA-2020:2217
reference_id RHSA-2020:2217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2217
67
reference_url https://access.redhat.com/errata/RHSA-2020:2362
reference_id RHSA-2020:2362
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2362
68
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
69
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
70
reference_url https://access.redhat.com/errata/RHSA-2020:3247
reference_id RHSA-2020:3247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3247
71
reference_url https://access.redhat.com/errata/RHSA-2020:3807
reference_id RHSA-2020:3807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3807
72
reference_url https://access.redhat.com/errata/RHSA-2020:3936
reference_id RHSA-2020:3936
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3936
73
reference_url https://access.redhat.com/errata/RHSA-2020:4211
reference_id RHSA-2020:4211
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4211
74
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
75
reference_url https://access.redhat.com/errata/RHSA-2020:4670
reference_id RHSA-2020:4670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4670
76
reference_url https://access.redhat.com/errata/RHSA-2020:4847
reference_id RHSA-2020:4847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4847
77
reference_url https://access.redhat.com/errata/RHSA-2020:5249
reference_id RHSA-2020:5249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5249
78
reference_url https://access.redhat.com/errata/RHSA-2021:0778
reference_id RHSA-2021:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0778
79
reference_url https://access.redhat.com/errata/RHSA-2022:6393
reference_id RHSA-2022:6393
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6393
80
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
81
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
82
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
83
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
84
reference_url https://usn.ubuntu.com/7246-1/
reference_id USN-7246-1
reference_type
scores
url https://usn.ubuntu.com/7246-1/
85
reference_url https://usn.ubuntu.com/7622-1/
reference_id USN-7622-1
reference_type
scores
url https://usn.ubuntu.com/7622-1/
86
reference_url https://usn.ubuntu.com/7658-1/
reference_id USN-7658-1
reference_type
scores
url https://usn.ubuntu.com/7658-1/
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.14
purl pkg:composer/drupal/drupal@8.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ck5-9e5b-w3ay
1
vulnerability VCID-6m8x-cfzp-tkf4
2
vulnerability VCID-bbzr-hbhv-yyee
3
vulnerability VCID-dgjq-y5zj-cud1
4
vulnerability VCID-k1gx-nznx-7qd6
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n119-gta2-kfg1
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-uqcw-p8g2-cfd2
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
13
vulnerability VCID-wbvy-zrtk-audw
14
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.14
1
url pkg:composer/drupal/drupal@8.8.0-alpha1
purl pkg:composer/drupal/drupal@8.8.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ck5-9e5b-w3ay
1
vulnerability VCID-6m8x-cfzp-tkf4
2
vulnerability VCID-bbzr-hbhv-yyee
3
vulnerability VCID-dgjq-y5zj-cud1
4
vulnerability VCID-k1gx-nznx-7qd6
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n119-gta2-kfg1
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-uqcw-p8g2-cfd2
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
13
vulnerability VCID-wbvy-zrtk-audw
14
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.0-alpha1
2
url pkg:composer/drupal/drupal@8.8.6
purl pkg:composer/drupal/drupal@8.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-mhk6-9qdy-83f3
10
vulnerability VCID-n119-gta2-kfg1
11
vulnerability VCID-n7un-zgqv-jfef
12
vulnerability VCID-q4qx-7s1y-q3hc
13
vulnerability VCID-r8pv-9upr-y7gd
14
vulnerability VCID-rdgr-yuu7-xkey
15
vulnerability VCID-u4w3-usvb-jyf6
16
vulnerability VCID-uqcw-p8g2-cfd2
17
vulnerability VCID-v9v6-ae3e-g3hk
18
vulnerability VCID-vevm-4sfk-f7gq
19
vulnerability VCID-wbuz-qcp3-43aq
20
vulnerability VCID-wbvy-zrtk-audw
21
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.6
3
url pkg:composer/drupal/drupal@8.9.0-beta1
purl pkg:composer/drupal/drupal@8.9.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-k1gx-nznx-7qd6
6
vulnerability VCID-mapb-hsvc-2khc
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-r8pv-9upr-y7gd
10
vulnerability VCID-rdgr-yuu7-xkey
11
vulnerability VCID-u4w3-usvb-jyf6
12
vulnerability VCID-vevm-4sfk-f7gq
13
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.0-beta1
aliases CVE-2020-11022, GHSA-gxr4-xjj5-5px2
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5618-53yg-8qh4
1
url VCID-6ck5-9e5b-w3ay
vulnerability_id VCID-6ck5-9e5b-w3ay
summary 
Improper access control
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59084
published_at 2026-04-02T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59071
published_at 2026-04-07T12:55:00Z
2
value 0.00375
scoring_system epss
scoring_elements 0.59107
published_at 2026-04-13T12:55:00Z
3
value 0.00375
scoring_system epss
scoring_elements 0.59144
published_at 2026-04-11T12:55:00Z
4
value 0.00375
scoring_system epss
scoring_elements 0.59126
published_at 2026-04-12T12:55:00Z
5
value 0.00375
scoring_system epss
scoring_elements 0.59123
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
3
reference_url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
4
reference_url https://www.drupal.org/sa-core-2022-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/
url https://www.drupal.org/sa-core-2022-012
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
reference_id CVE-2022-25275
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
reference_id CVE-2022-25275.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
7
reference_url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
reference_id GHSA-xh3v-6f9j-wxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
fixed_packages
0
url pkg:composer/drupal/drupal@9.3.19
purl pkg:composer/drupal/drupal@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-rdgr-yuu7-xkey
4
vulnerability VCID-u4w3-usvb-jyf6
5
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19
1
url pkg:composer/drupal/drupal@9.4.3
purl pkg:composer/drupal/drupal@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-bk92-66re-dkc5
3
vulnerability VCID-q4qx-7s1y-q3hc
4
vulnerability VCID-rdgr-yuu7-xkey
5
vulnerability VCID-u4w3-usvb-jyf6
6
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3
aliases CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ck5-9e5b-w3ay
2
url VCID-6m8x-cfzp-tkf4
vulnerability_id VCID-6m8x-cfzp-tkf4
summary 
Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 0.04504
scoring_system epss
scoring_elements 0.89078
published_at 2026-04-01T12:55:00Z
1
value 0.04504
scoring_system epss
scoring_elements 0.89133
published_at 2026-04-13T12:55:00Z
2
value 0.04504
scoring_system epss
scoring_elements 0.89135
published_at 2026-04-12T12:55:00Z
3
value 0.04504
scoring_system epss
scoring_elements 0.89138
published_at 2026-04-11T12:55:00Z
4
value 0.04504
scoring_system epss
scoring_elements 0.89127
published_at 2026-04-09T12:55:00Z
5
value 0.04504
scoring_system epss
scoring_elements 0.89122
published_at 2026-04-08T12:55:00Z
6
value 0.04504
scoring_system epss
scoring_elements 0.89105
published_at 2026-04-07T12:55:00Z
7
value 0.04504
scoring_system epss
scoring_elements 0.89102
published_at 2026-04-04T12:55:00Z
8
value 0.04504
scoring_system epss
scoring_elements 0.89087
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
7
reference_url https://www.drupal.org/sa-core-2020-012
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://www.drupal.org/sa-core-2020-012
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
reference_id CVE-2020-13671
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
12
reference_url https://github.com/advisories/GHSA-68jc-v27h-vhmw
reference_id GHSA-68jc-v27h-vhmw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68jc-v27h-vhmw
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
14
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
15
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/drupal@8.8.11
purl pkg:composer/drupal/drupal@8.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-gbz5-5frj-hber
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-mapb-hsvc-2khc
8
vulnerability VCID-n7un-zgqv-jfef
9
vulnerability VCID-q4qx-7s1y-q3hc
10
vulnerability VCID-r8pv-9upr-y7gd
11
vulnerability VCID-rdgr-yuu7-xkey
12
vulnerability VCID-u4w3-usvb-jyf6
13
vulnerability VCID-v9v6-ae3e-g3hk
14
vulnerability VCID-vevm-4sfk-f7gq
15
vulnerability VCID-wbuz-qcp3-43aq
16
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.11
1
url pkg:composer/drupal/drupal@8.9.9
purl pkg:composer/drupal/drupal@8.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-gbz5-5frj-hber
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kc7d-5k6x-77bp
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-q4qx-7s1y-q3hc
11
vulnerability VCID-r8pv-9upr-y7gd
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-v9v6-ae3e-g3hk
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.9
2
url pkg:composer/drupal/drupal@9.0.8
purl pkg:composer/drupal/drupal@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-gbz5-5frj-hber
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kc7d-5k6x-77bp
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-q4qx-7s1y-q3hc
11
vulnerability VCID-r8pv-9upr-y7gd
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-v9v6-ae3e-g3hk
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.8
aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6m8x-cfzp-tkf4
3
url VCID-bbzr-hbhv-yyee
vulnerability_id VCID-bbzr-hbhv-yyee
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51563
published_at 2026-04-04T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.51586
published_at 2026-04-13T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.51603
published_at 2026-04-12T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51577
published_at 2026-04-08T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.51523
published_at 2026-04-07T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.51624
published_at 2026-04-11T12:55:00Z
6
value 0.00282
scoring_system epss
scoring_elements 0.51574
published_at 2026-04-09T12:55:00Z
7
value 0.00282
scoring_system epss
scoring_elements 0.51536
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/
url https://www.drupal.org/sa-core-2022-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
4
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/drupal@9.2.18
purl pkg:composer/drupal/drupal@9.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-674z-nf4t-b7ez
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-rdgr-yuu7-xkey
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.18
1
url pkg:composer/drupal/drupal@9.3.12
purl pkg:composer/drupal/drupal@9.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-674z-nf4t-b7ez
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-rdgr-yuu7-xkey
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbzr-hbhv-yyee
4
url VCID-cvxp-ctj9-guej
vulnerability_id VCID-cvxp-ctj9-guej
summary 
Potential XSS vulnerability in jQuery
### Impact
Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.

### Patches
This problem is patched in jQuery 3.5.0.

### Workarounds
To workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method.

### References
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

### For more information
If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
3
reference_url http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11023
reference_id
reference_type
scores
0
value 0.36278
scoring_system epss
scoring_elements 0.97107
published_at 2026-04-13T12:55:00Z
1
value 0.36278
scoring_system epss
scoring_elements 0.97105
published_at 2026-04-11T12:55:00Z
2
value 0.36278
scoring_system epss
scoring_elements 0.97091
published_at 2026-04-07T12:55:00Z
3
value 0.36278
scoring_system epss
scoring_elements 0.97101
published_at 2026-04-09T12:55:00Z
4
value 0.36278
scoring_system epss
scoring_elements 0.97106
published_at 2026-04-12T12:55:00Z
5
value 0.36278
scoring_system epss
scoring_elements 0.9709
published_at 2026-04-04T12:55:00Z
6
value 0.36851
scoring_system epss
scoring_elements 0.97117
published_at 2026-04-01T12:55:00Z
7
value 0.36851
scoring_system epss
scoring_elements 0.97125
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11023
6
reference_url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3
scoring_elements
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37
12
reference_url https://github.com/jquery/jquery
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery
13
reference_url https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
14
reference_url https://github.com/jquery/jquery/releases/tag/3.5.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery/releases/tag/3.5.0
15
reference_url https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
16
reference_url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410
17
reference_url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
18
reference_url https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979
19
reference_url https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml
21
reference_url https://jquery.com/upgrade-guide/3.5
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jquery.com/upgrade-guide/3.5
22
reference_url https://jquery.com/upgrade-guide/3.5/
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://jquery.com/upgrade-guide/3.5/
23
reference_url https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
49
reference_url https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E
50
reference_url https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E
51
reference_url https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E
52
reference_url https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
54
reference_url https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
55
reference_url https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E
58
reference_url https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E
59
reference_url https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E
60
reference_url https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E
61
reference_url https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E
62
reference_url https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E
63
reference_url https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E
64
reference_url https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E
65
reference_url https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E
66
reference_url https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E
67
reference_url https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E
68
reference_url https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E
69
reference_url https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E
70
reference_url https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E
71
reference_url https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E
72
reference_url https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E
73
reference_url https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E
74
reference_url https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E
75
reference_url https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E
76
reference_url https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E
77
reference_url https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E
78
reference_url https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E
79
reference_url https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
80
reference_url https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
81
reference_url https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E
82
reference_url https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E
83
reference_url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
84
reference_url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
85
reference_url https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
86
reference_url https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
87
reference_url https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
88
reference_url https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
89
reference_url https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
90
reference_url https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
91
reference_url https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E
92
reference_url https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E
93
reference_url https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E
94
reference_url https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E
95
reference_url https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E
96
reference_url https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E
97
reference_url https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
98
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
99
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY
100
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K
101
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4
102
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B
103
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY
104
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K
105
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4
106
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B
107
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11023
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11023
108
reference_url https://security.gentoo.org/glsa/202007-03
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://security.gentoo.org/glsa/202007-03
109
reference_url https://security.netapp.com/advisory/ntap-20200511-0006
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200511-0006
110
reference_url https://security.netapp.com/advisory/ntap-20230725-0003
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230725-0003
111
reference_url https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440
112
reference_url https://snyk.io/vuln/SNYK-JS-JQUERY-565129
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-JQUERY-565129
113
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023
114
reference_url https://www.debian.org/security/2020/dsa-4693
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.debian.org/security/2020/dsa-4693
115
reference_url https://www.drupal.org/sa-core-2020-002
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.drupal.org/sa-core-2020-002
116
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
117
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
118
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
119
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
120
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
121
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
122
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
123
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpuoct2020.html
124
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
125
reference_url https://www.tenable.com/security/tns-2021-02
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.tenable.com/security/tns-2021-02
126
reference_url https://www.tenable.com/security/tns-2021-10
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://www.tenable.com/security/tns-2021-10
127
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1850004
reference_id 1850004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1850004
128
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
reference_id AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
129
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt
reference_id CVE-2020-11023
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt
130
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml
reference_id CVE-2020-23064.YML
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml
131
reference_url https://security.netapp.com/advisory/ntap-20200511-0006/
reference_id ntap-20200511-0006
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://security.netapp.com/advisory/ntap-20200511-0006/
132
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
reference_id QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
133
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
134
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
135
reference_url https://access.redhat.com/errata/RHSA-2020:3247
reference_id RHSA-2020:3247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3247
136
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
137
reference_url https://access.redhat.com/errata/RHSA-2020:3807
reference_id RHSA-2020:3807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3807
138
reference_url https://access.redhat.com/errata/RHSA-2020:4211
reference_id RHSA-2020:4211
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4211
139
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
140
reference_url https://access.redhat.com/errata/RHSA-2020:4847
reference_id RHSA-2020:4847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4847
141
reference_url https://access.redhat.com/errata/RHSA-2020:5249
reference_id RHSA-2020:5249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5249
142
reference_url https://access.redhat.com/errata/RHSA-2020:5412
reference_id RHSA-2020:5412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5412
143
reference_url https://access.redhat.com/errata/RHSA-2021:0778
reference_id RHSA-2021:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0778
144
reference_url https://access.redhat.com/errata/RHSA-2021:0851
reference_id RHSA-2021:0851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0851
145
reference_url https://access.redhat.com/errata/RHSA-2021:0860
reference_id RHSA-2021:0860
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0860
146
reference_url https://access.redhat.com/errata/RHSA-2021:1846
reference_id RHSA-2021:1846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1846
147
reference_url https://access.redhat.com/errata/RHSA-2021:4142
reference_id RHSA-2021:4142
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4142
148
reference_url https://access.redhat.com/errata/RHSA-2022:6393
reference_id RHSA-2022:6393
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6393
149
reference_url https://access.redhat.com/errata/RHSA-2022:7343
reference_id RHSA-2022:7343
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7343
150
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
151
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
152
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
153
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
154
reference_url https://access.redhat.com/errata/RHSA-2025:1070
reference_id RHSA-2025:1070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1070
155
reference_url https://access.redhat.com/errata/RHSA-2025:1185
reference_id RHSA-2025:1185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1185
156
reference_url https://access.redhat.com/errata/RHSA-2025:1209
reference_id RHSA-2025:1209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1209
157
reference_url https://access.redhat.com/errata/RHSA-2025:1210
reference_id RHSA-2025:1210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1210
158
reference_url https://access.redhat.com/errata/RHSA-2025:1211
reference_id RHSA-2025:1211
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1211
159
reference_url https://access.redhat.com/errata/RHSA-2025:1212
reference_id RHSA-2025:1212
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1212
160
reference_url https://access.redhat.com/errata/RHSA-2025:1213
reference_id RHSA-2025:1213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1213
161
reference_url https://access.redhat.com/errata/RHSA-2025:1214
reference_id RHSA-2025:1214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1214
162
reference_url https://access.redhat.com/errata/RHSA-2025:1215
reference_id RHSA-2025:1215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1215
163
reference_url https://access.redhat.com/errata/RHSA-2025:1216
reference_id RHSA-2025:1216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1216
164
reference_url https://access.redhat.com/errata/RHSA-2025:1217
reference_id RHSA-2025:1217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1217
165
reference_url https://access.redhat.com/errata/RHSA-2025:1247
reference_id RHSA-2025:1247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1247
166
reference_url https://access.redhat.com/errata/RHSA-2025:1255
reference_id RHSA-2025:1255
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1255
167
reference_url https://access.redhat.com/errata/RHSA-2025:1256
reference_id RHSA-2025:1256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1256
168
reference_url https://access.redhat.com/errata/RHSA-2025:1300
reference_id RHSA-2025:1300
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1300
169
reference_url https://access.redhat.com/errata/RHSA-2025:1301
reference_id RHSA-2025:1301
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1301
170
reference_url https://access.redhat.com/errata/RHSA-2025:1303
reference_id RHSA-2025:1303
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1303
171
reference_url https://access.redhat.com/errata/RHSA-2025:1304
reference_id RHSA-2025:1304
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1304
172
reference_url https://access.redhat.com/errata/RHSA-2025:1305
reference_id RHSA-2025:1305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1305
173
reference_url https://access.redhat.com/errata/RHSA-2025:1306
reference_id RHSA-2025:1306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1306
174
reference_url https://access.redhat.com/errata/RHSA-2025:1308
reference_id RHSA-2025:1308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1308
175
reference_url https://access.redhat.com/errata/RHSA-2025:1309
reference_id RHSA-2025:1309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1309
176
reference_url https://access.redhat.com/errata/RHSA-2025:1310
reference_id RHSA-2025:1310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1310
177
reference_url https://access.redhat.com/errata/RHSA-2025:1311
reference_id RHSA-2025:1311
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1311
178
reference_url https://access.redhat.com/errata/RHSA-2025:1312
reference_id RHSA-2025:1312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1312
179
reference_url https://access.redhat.com/errata/RHSA-2025:1314
reference_id RHSA-2025:1314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1314
180
reference_url https://access.redhat.com/errata/RHSA-2025:1315
reference_id RHSA-2025:1315
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1315
181
reference_url https://access.redhat.com/errata/RHSA-2025:1329
reference_id RHSA-2025:1329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1329
182
reference_url https://access.redhat.com/errata/RHSA-2025:1338
reference_id RHSA-2025:1338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1338
183
reference_url https://access.redhat.com/errata/RHSA-2025:1342
reference_id RHSA-2025:1342
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1342
184
reference_url https://access.redhat.com/errata/RHSA-2025:1346
reference_id RHSA-2025:1346
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1346
185
reference_url https://access.redhat.com/errata/RHSA-2025:1514
reference_id RHSA-2025:1514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1514
186
reference_url https://access.redhat.com/errata/RHSA-2025:1515
reference_id RHSA-2025:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1515
187
reference_url https://access.redhat.com/errata/RHSA-2025:1580
reference_id RHSA-2025:1580
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1580
188
reference_url https://access.redhat.com/errata/RHSA-2025:1601
reference_id RHSA-2025:1601
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1601
189
reference_url https://access.redhat.com/errata/RHSA-2025:1983
reference_id RHSA-2025:1983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1983
190
reference_url https://access.redhat.com/errata/RHSA-2025:2426
reference_id RHSA-2025:2426
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2426
191
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
reference_id SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
192
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
reference_id SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
193
reference_url https://usn.ubuntu.com/7246-1/
reference_id USN-7246-1
reference_type
scores
url https://usn.ubuntu.com/7246-1/
194
reference_url https://usn.ubuntu.com/7622-1/
reference_id USN-7622-1
reference_type
scores
url https://usn.ubuntu.com/7622-1/
195
reference_url https://usn.ubuntu.com/7658-1/
reference_id USN-7658-1
reference_type
scores
url https://usn.ubuntu.com/7658-1/
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.14
purl pkg:composer/drupal/drupal@8.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ck5-9e5b-w3ay
1
vulnerability VCID-6m8x-cfzp-tkf4
2
vulnerability VCID-bbzr-hbhv-yyee
3
vulnerability VCID-dgjq-y5zj-cud1
4
vulnerability VCID-k1gx-nznx-7qd6
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n119-gta2-kfg1
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-uqcw-p8g2-cfd2
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
13
vulnerability VCID-wbvy-zrtk-audw
14
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.14
1
url pkg:composer/drupal/drupal@8.8.0-alpha1
purl pkg:composer/drupal/drupal@8.8.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ck5-9e5b-w3ay
1
vulnerability VCID-6m8x-cfzp-tkf4
2
vulnerability VCID-bbzr-hbhv-yyee
3
vulnerability VCID-dgjq-y5zj-cud1
4
vulnerability VCID-k1gx-nznx-7qd6
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n119-gta2-kfg1
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-uqcw-p8g2-cfd2
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
13
vulnerability VCID-wbvy-zrtk-audw
14
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.0-alpha1
2
url pkg:composer/drupal/drupal@8.8.6
purl pkg:composer/drupal/drupal@8.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-mhk6-9qdy-83f3
10
vulnerability VCID-n119-gta2-kfg1
11
vulnerability VCID-n7un-zgqv-jfef
12
vulnerability VCID-q4qx-7s1y-q3hc
13
vulnerability VCID-r8pv-9upr-y7gd
14
vulnerability VCID-rdgr-yuu7-xkey
15
vulnerability VCID-u4w3-usvb-jyf6
16
vulnerability VCID-uqcw-p8g2-cfd2
17
vulnerability VCID-v9v6-ae3e-g3hk
18
vulnerability VCID-vevm-4sfk-f7gq
19
vulnerability VCID-wbuz-qcp3-43aq
20
vulnerability VCID-wbvy-zrtk-audw
21
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.6
3
url pkg:composer/drupal/drupal@8.9.0-beta1
purl pkg:composer/drupal/drupal@8.9.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-k1gx-nznx-7qd6
6
vulnerability VCID-mapb-hsvc-2khc
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-r8pv-9upr-y7gd
10
vulnerability VCID-rdgr-yuu7-xkey
11
vulnerability VCID-u4w3-usvb-jyf6
12
vulnerability VCID-vevm-4sfk-f7gq
13
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.0-beta1
aliases CVE-2020-11023, GHSA-jpcq-cgw6-v4j6
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvxp-ctj9-guej
5
url VCID-dgjq-y5zj-cud1
vulnerability_id VCID-dgjq-y5zj-cud1
summary 
Improper Access Control
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
reference_id
reference_type
scores
0
value 0.00452
scoring_system epss
scoring_elements 0.63732
published_at 2026-04-13T12:55:00Z
1
value 0.00452
scoring_system epss
scoring_elements 0.63711
published_at 2026-04-02T12:55:00Z
2
value 0.00452
scoring_system epss
scoring_elements 0.63737
published_at 2026-04-04T12:55:00Z
3
value 0.00452
scoring_system epss
scoring_elements 0.63697
published_at 2026-04-07T12:55:00Z
4
value 0.00452
scoring_system epss
scoring_elements 0.63749
published_at 2026-04-08T12:55:00Z
5
value 0.00452
scoring_system epss
scoring_elements 0.63766
published_at 2026-04-09T12:55:00Z
6
value 0.00452
scoring_system epss
scoring_elements 0.6378
published_at 2026-04-11T12:55:00Z
7
value 0.00452
scoring_system epss
scoring_elements 0.63765
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-013
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/
url https://www.drupal.org/sa-core-2022-013
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
reference_id CVE-2022-25278
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
reference_id CVE-2022-25278.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
5
reference_url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
reference_id GHSA-cfh2-7f6h-3m85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
fixed_packages
0
url pkg:composer/drupal/drupal@9.3.19
purl pkg:composer/drupal/drupal@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-rdgr-yuu7-xkey
4
vulnerability VCID-u4w3-usvb-jyf6
5
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19
1
url pkg:composer/drupal/drupal@9.4.3
purl pkg:composer/drupal/drupal@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-bk92-66re-dkc5
3
vulnerability VCID-q4qx-7s1y-q3hc
4
vulnerability VCID-rdgr-yuu7-xkey
5
vulnerability VCID-u4w3-usvb-jyf6
6
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3
aliases CVE-2022-25278, GHSA-cfh2-7f6h-3m85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgjq-y5zj-cud1
6
url VCID-jfq8-xxwa-mkd1
vulnerability_id VCID-jfq8-xxwa-mkd1
summary 
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library [Archive_Tar](https://pear.php.net/package/Archive_Tar/), which has released a security improvement that is needed to protect some Drupal configurations.

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.

The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.
references
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-4.yaml
2
reference_url https://www.drupal.org/sa-core-2019-012
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-012
3
reference_url https://github.com/advisories/GHSA-m9fv-whq2-6wmc
reference_id GHSA-m9fv-whq2-6wmc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9fv-whq2-6wmc
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.11
purl pkg:composer/drupal/drupal@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5618-53yg-8qh4
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-cvxp-ctj9-guej
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kh51-g4cv-tqaw
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n119-gta2-kfg1
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-nj3a-eb59-jygs
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-uqcw-p8g2-cfd2
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
18
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11
1
url pkg:composer/drupal/drupal@8.8.1
purl pkg:composer/drupal/drupal@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-5618-53yg-8qh4
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-cvxp-ctj9-guej
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-gbz5-5frj-hber
9
vulnerability VCID-k1gx-nznx-7qd6
10
vulnerability VCID-kh51-g4cv-tqaw
11
vulnerability VCID-mapb-hsvc-2khc
12
vulnerability VCID-mhk6-9qdy-83f3
13
vulnerability VCID-n119-gta2-kfg1
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-nj3a-eb59-jygs
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-r8pv-9upr-y7gd
18
vulnerability VCID-rdgr-yuu7-xkey
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-uqcw-p8g2-cfd2
21
vulnerability VCID-v9v6-ae3e-g3hk
22
vulnerability VCID-vevm-4sfk-f7gq
23
vulnerability VCID-wbuz-qcp3-43aq
24
vulnerability VCID-wbvy-zrtk-audw
25
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1
aliases GHSA-m9fv-whq2-6wmc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfq8-xxwa-mkd1
7
url VCID-k1gx-nznx-7qd6
vulnerability_id VCID-k1gx-nznx-7qd6
summary 
Drupal core Cross-site Scripting (XSS) vulnerability
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
reference_id
reference_type
scores
0
value 0.00564
scoring_system epss
scoring_elements 0.68347
published_at 2026-04-01T12:55:00Z
1
value 0.00564
scoring_system epss
scoring_elements 0.68413
published_at 2026-04-13T12:55:00Z
2
value 0.00564
scoring_system epss
scoring_elements 0.68446
published_at 2026-04-12T12:55:00Z
3
value 0.00564
scoring_system epss
scoring_elements 0.68458
published_at 2026-04-11T12:55:00Z
4
value 0.00564
scoring_system epss
scoring_elements 0.68431
published_at 2026-04-09T12:55:00Z
5
value 0.00564
scoring_system epss
scoring_elements 0.68414
published_at 2026-04-08T12:55:00Z
6
value 0.00564
scoring_system epss
scoring_elements 0.68363
published_at 2026-04-07T12:55:00Z
7
value 0.00564
scoring_system epss
scoring_elements 0.68387
published_at 2026-04-04T12:55:00Z
8
value 0.00564
scoring_system epss
scoring_elements 0.68367
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-002
3
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
reference_id CVE-2020-13672
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
7
reference_url https://github.com/advisories/GHSA-3m36-mjwj-352c
reference_id GHSA-3m36-mjwj-352c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m36-mjwj-352c
fixed_packages
0
url pkg:composer/drupal/drupal@8.9.14
purl pkg:composer/drupal/drupal@8.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-u4w3-usvb-jyf6
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.14
1
url pkg:composer/drupal/drupal@9.0.12
purl pkg:composer/drupal/drupal@9.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-u4w3-usvb-jyf6
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.12
2
url pkg:composer/drupal/drupal@9.1.7
purl pkg:composer/drupal/drupal@9.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-u4w3-usvb-jyf6
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.7
aliases CVE-2020-13672, GHSA-3m36-mjwj-352c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gx-nznx-7qd6
8
url VCID-kh51-g4cv-tqaw
vulnerability_id VCID-kh51-g4cv-tqaw
summary 
Drupal core uses a vulnerable Third-party library CKEditor
The Drupal project uses the third-party library [CKEditor](https://github.com/ckeditor/ckeditor4), which has released a [security improvement](https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed) that is needed to protect some Drupal configurations.

Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access.

The latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities.
references
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-03-18.yaml
2
reference_url https://www.drupal.org/sa-core-2020-001
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-001
3
reference_url https://github.com/advisories/GHSA-337w-fxpq-5m34
reference_id GHSA-337w-fxpq-5m34
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-337w-fxpq-5m34
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.12
purl pkg:composer/drupal/drupal@8.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5618-53yg-8qh4
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-cvxp-ctj9-guej
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-mapb-hsvc-2khc
8
vulnerability VCID-n119-gta2-kfg1
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-r8pv-9upr-y7gd
11
vulnerability VCID-u4w3-usvb-jyf6
12
vulnerability VCID-uqcw-p8g2-cfd2
13
vulnerability VCID-vevm-4sfk-f7gq
14
vulnerability VCID-wbuz-qcp3-43aq
15
vulnerability VCID-wbvy-zrtk-audw
16
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.12
1
url pkg:composer/drupal/drupal@8.8.4
purl pkg:composer/drupal/drupal@8.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-5618-53yg-8qh4
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-cvxp-ctj9-guej
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-gbz5-5frj-hber
9
vulnerability VCID-k1gx-nznx-7qd6
10
vulnerability VCID-mapb-hsvc-2khc
11
vulnerability VCID-mhk6-9qdy-83f3
12
vulnerability VCID-n119-gta2-kfg1
13
vulnerability VCID-n7un-zgqv-jfef
14
vulnerability VCID-q4qx-7s1y-q3hc
15
vulnerability VCID-r8pv-9upr-y7gd
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-u4w3-usvb-jyf6
18
vulnerability VCID-uqcw-p8g2-cfd2
19
vulnerability VCID-v9v6-ae3e-g3hk
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-wbuz-qcp3-43aq
22
vulnerability VCID-wbvy-zrtk-audw
23
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.4
aliases GHSA-337w-fxpq-5m34
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kh51-g4cv-tqaw
9
url VCID-mapb-hsvc-2khc
vulnerability_id VCID-mapb-hsvc-2khc
summary 
Unrestricted Upload of File with Dangerous Type
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.5268
published_at 2026-04-02T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.52734
published_at 2026-04-13T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.5275
published_at 2026-04-12T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.52766
published_at 2026-04-11T12:55:00Z
4
value 0.00294
scoring_system epss
scoring_elements 0.52716
published_at 2026-04-09T12:55:00Z
5
value 0.00294
scoring_system epss
scoring_elements 0.52722
published_at 2026-04-08T12:55:00Z
6
value 0.00294
scoring_system epss
scoring_elements 0.52671
published_at 2026-04-07T12:55:00Z
7
value 0.00294
scoring_system epss
scoring_elements 0.52706
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
3
reference_url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
4
reference_url https://www.drupal.org/sa-core-2022-014
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/
url https://www.drupal.org/sa-core-2022-014
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
reference_id CVE-2022-25277
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
reference_id CVE-2022-25277.YAML
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
7
reference_url https://github.com/advisories/GHSA-6955-67hm-vjjq
reference_id GHSA-6955-67hm-vjjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6955-67hm-vjjq
fixed_packages
0
url pkg:composer/drupal/drupal@9.3.19
purl pkg:composer/drupal/drupal@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-rdgr-yuu7-xkey
4
vulnerability VCID-u4w3-usvb-jyf6
5
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19
1
url pkg:composer/drupal/drupal@9.4.3
purl pkg:composer/drupal/drupal@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-bk92-66re-dkc5
3
vulnerability VCID-q4qx-7s1y-q3hc
4
vulnerability VCID-rdgr-yuu7-xkey
5
vulnerability VCID-u4w3-usvb-jyf6
6
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3
aliases CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mapb-hsvc-2khc
10
url VCID-n119-gta2-kfg1
vulnerability_id VCID-n119-gta2-kfg1
summary 
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42418
published_at 2026-04-01T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42471
published_at 2026-04-13T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42501
published_at 2026-04-12T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42538
published_at 2026-04-11T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42516
published_at 2026-04-09T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.42506
published_at 2026-04-08T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42455
published_at 2026-04-07T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42518
published_at 2026-04-04T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42489
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-010
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
reference_id CVE-2020-13669
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
6
reference_url https://github.com/advisories/GHSA-c533-c843-67h8
reference_id GHSA-c533-c843-67h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c533-c843-67h8
fixed_packages
0
url pkg:composer/drupal/drupal@8.8.10
purl pkg:composer/drupal/drupal@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-q4qx-7s1y-q3hc
11
vulnerability VCID-r8pv-9upr-y7gd
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-v9v6-ae3e-g3hk
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10
1
url pkg:composer/drupal/drupal@8.9.6
purl pkg:composer/drupal/drupal@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-kc7d-5k6x-77bp
9
vulnerability VCID-mapb-hsvc-2khc
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-rdgr-yuu7-xkey
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-v9v6-ae3e-g3hk
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-wbuz-qcp3-43aq
18
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6
2
url pkg:composer/drupal/drupal@9.0.6
purl pkg:composer/drupal/drupal@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-kc7d-5k6x-77bp
9
vulnerability VCID-mapb-hsvc-2khc
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-rdgr-yuu7-xkey
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-v9v6-ae3e-g3hk
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-wbuz-qcp3-43aq
18
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6
aliases CVE-2020-13669, GHSA-c533-c843-67h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n119-gta2-kfg1
11
url VCID-n7un-zgqv-jfef
vulnerability_id VCID-n7un-zgqv-jfef
summary 
Lack of domain validation in Druple core
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
reference_id
reference_type
scores
0
value 0.01256
scoring_system epss
scoring_elements 0.79371
published_at 2026-04-13T12:55:00Z
1
value 0.01256
scoring_system epss
scoring_elements 0.7933
published_at 2026-04-02T12:55:00Z
2
value 0.01256
scoring_system epss
scoring_elements 0.79353
published_at 2026-04-04T12:55:00Z
3
value 0.01256
scoring_system epss
scoring_elements 0.79339
published_at 2026-04-07T12:55:00Z
4
value 0.01256
scoring_system epss
scoring_elements 0.79365
published_at 2026-04-08T12:55:00Z
5
value 0.01256
scoring_system epss
scoring_elements 0.79374
published_at 2026-04-09T12:55:00Z
6
value 0.01256
scoring_system epss
scoring_elements 0.79397
published_at 2026-04-11T12:55:00Z
7
value 0.01256
scoring_system epss
scoring_elements 0.79382
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2022-015
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
reference_id CVE-2022-25276
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
4
reference_url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
reference_id GHSA-4wfq-jc9h-vpcx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
fixed_packages
0
url pkg:composer/drupal/drupal@9.3.19
purl pkg:composer/drupal/drupal@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-rdgr-yuu7-xkey
4
vulnerability VCID-u4w3-usvb-jyf6
5
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.19
1
url pkg:composer/drupal/drupal@9.4.3
purl pkg:composer/drupal/drupal@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-bk92-66re-dkc5
3
vulnerability VCID-q4qx-7s1y-q3hc
4
vulnerability VCID-rdgr-yuu7-xkey
5
vulnerability VCID-u4w3-usvb-jyf6
6
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.4.3
aliases CVE-2022-25276, GHSA-4wfq-jc9h-vpcx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7un-zgqv-jfef
12
url VCID-nj3a-eb59-jygs
vulnerability_id VCID-nj3a-eb59-jygs
summary 
CKEditor 4.0 vulnerability in the HTML Data Processor
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9281
reference_id
reference_type
scores
0
value 0.01194
scoring_system epss
scoring_elements 0.78808
published_at 2026-04-01T12:55:00Z
1
value 0.01194
scoring_system epss
scoring_elements 0.78857
published_at 2026-04-13T12:55:00Z
2
value 0.01194
scoring_system epss
scoring_elements 0.78866
published_at 2026-04-12T12:55:00Z
3
value 0.01194
scoring_system epss
scoring_elements 0.78882
published_at 2026-04-11T12:55:00Z
4
value 0.01194
scoring_system epss
scoring_elements 0.78859
published_at 2026-04-09T12:55:00Z
5
value 0.01194
scoring_system epss
scoring_elements 0.78853
published_at 2026-04-08T12:55:00Z
6
value 0.01194
scoring_system epss
scoring_elements 0.78828
published_at 2026-04-07T12:55:00Z
7
value 0.01194
scoring_system epss
scoring_elements 0.78844
published_at 2026-04-04T12:55:00Z
8
value 0.01194
scoring_system epss
scoring_elements 0.78815
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9281
1
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9281
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9281
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
14
reference_url https://github.com/advisories/GHSA-vcjf-mgcg-jxjq
reference_id GHSA-vcjf-mgcg-jxjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcjf-mgcg-jxjq
15
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
16
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.12
purl pkg:composer/drupal/drupal@8.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5618-53yg-8qh4
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-cvxp-ctj9-guej
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-mapb-hsvc-2khc
8
vulnerability VCID-n119-gta2-kfg1
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-r8pv-9upr-y7gd
11
vulnerability VCID-u4w3-usvb-jyf6
12
vulnerability VCID-uqcw-p8g2-cfd2
13
vulnerability VCID-vevm-4sfk-f7gq
14
vulnerability VCID-wbuz-qcp3-43aq
15
vulnerability VCID-wbvy-zrtk-audw
16
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.12
1
url pkg:composer/drupal/drupal@8.8.0-alpha1
purl pkg:composer/drupal/drupal@8.8.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ck5-9e5b-w3ay
1
vulnerability VCID-6m8x-cfzp-tkf4
2
vulnerability VCID-bbzr-hbhv-yyee
3
vulnerability VCID-dgjq-y5zj-cud1
4
vulnerability VCID-k1gx-nznx-7qd6
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n119-gta2-kfg1
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-r8pv-9upr-y7gd
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-uqcw-p8g2-cfd2
11
vulnerability VCID-vevm-4sfk-f7gq
12
vulnerability VCID-wbuz-qcp3-43aq
13
vulnerability VCID-wbvy-zrtk-audw
14
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.0-alpha1
2
url pkg:composer/drupal/drupal@8.8.4
purl pkg:composer/drupal/drupal@8.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-5618-53yg-8qh4
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-cvxp-ctj9-guej
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-gbz5-5frj-hber
9
vulnerability VCID-k1gx-nznx-7qd6
10
vulnerability VCID-mapb-hsvc-2khc
11
vulnerability VCID-mhk6-9qdy-83f3
12
vulnerability VCID-n119-gta2-kfg1
13
vulnerability VCID-n7un-zgqv-jfef
14
vulnerability VCID-q4qx-7s1y-q3hc
15
vulnerability VCID-r8pv-9upr-y7gd
16
vulnerability VCID-rdgr-yuu7-xkey
17
vulnerability VCID-u4w3-usvb-jyf6
18
vulnerability VCID-uqcw-p8g2-cfd2
19
vulnerability VCID-v9v6-ae3e-g3hk
20
vulnerability VCID-vevm-4sfk-f7gq
21
vulnerability VCID-wbuz-qcp3-43aq
22
vulnerability VCID-wbvy-zrtk-audw
23
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.4
3
url pkg:composer/drupal/drupal@9.0.0-alpha1
purl pkg:composer/drupal/drupal@9.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-rdgr-yuu7-xkey
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-vevm-4sfk-f7gq
11
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.0-alpha1
aliases CVE-2020-9281, GHSA-vcjf-mgcg-jxjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nj3a-eb59-jygs
13
url VCID-pk74-yy1n-8qck
vulnerability_id VCID-pk74-yy1n-8qck
summary 
Drupal core Access control bypass
The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.

### Solution: 
If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.
If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.

Alternatively, you may mitigate this vulnerability by unchecking the "Enable advanced UI" checkbox on `/admin/config/media/media-library`. (This mitigation is not available in 8.7.x.)
references
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-3.yaml
2
reference_url https://www.drupal.org/sa-core-2019-011
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-011
3
reference_url https://github.com/advisories/GHSA-5x28-3f32-x523
reference_id GHSA-5x28-3f32-x523
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5x28-3f32-x523
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.11
purl pkg:composer/drupal/drupal@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5618-53yg-8qh4
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-cvxp-ctj9-guej
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kh51-g4cv-tqaw
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n119-gta2-kfg1
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-nj3a-eb59-jygs
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-uqcw-p8g2-cfd2
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
18
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11
1
url pkg:composer/drupal/drupal@8.8.1
purl pkg:composer/drupal/drupal@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-5618-53yg-8qh4
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-cvxp-ctj9-guej
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-gbz5-5frj-hber
9
vulnerability VCID-k1gx-nznx-7qd6
10
vulnerability VCID-kh51-g4cv-tqaw
11
vulnerability VCID-mapb-hsvc-2khc
12
vulnerability VCID-mhk6-9qdy-83f3
13
vulnerability VCID-n119-gta2-kfg1
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-nj3a-eb59-jygs
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-r8pv-9upr-y7gd
18
vulnerability VCID-rdgr-yuu7-xkey
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-uqcw-p8g2-cfd2
21
vulnerability VCID-v9v6-ae3e-g3hk
22
vulnerability VCID-vevm-4sfk-f7gq
23
vulnerability VCID-wbuz-qcp3-43aq
24
vulnerability VCID-wbvy-zrtk-audw
25
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1
aliases GHSA-5x28-3f32-x523
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pk74-yy1n-8qck
14
url VCID-r8pv-9upr-y7gd
vulnerability_id VCID-r8pv-9upr-y7gd
summary 
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.

Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
references
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2021-05-26.yaml
2
reference_url https://www.drupal.org/sa-core-2021-005
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-005
3
reference_url https://github.com/advisories/GHSA-qf65-hph9-453r
reference_id GHSA-qf65-hph9-453r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qf65-hph9-453r
fixed_packages
0
url pkg:composer/drupal/drupal@8.9.16
purl pkg:composer/drupal/drupal@8.9.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-rdgr-yuu7-xkey
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-vevm-4sfk-f7gq
11
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.16
1
url pkg:composer/drupal/drupal@9.1.12
purl pkg:composer/drupal/drupal@9.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-mapb-hsvc-2khc
6
vulnerability VCID-n7un-zgqv-jfef
7
vulnerability VCID-q4qx-7s1y-q3hc
8
vulnerability VCID-rdgr-yuu7-xkey
9
vulnerability VCID-u4w3-usvb-jyf6
10
vulnerability VCID-vevm-4sfk-f7gq
11
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.1.12
2
url pkg:composer/drupal/drupal@9.2.4
purl pkg:composer/drupal/drupal@9.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-674z-nf4t-b7ez
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-b4yh-gyrx-3yhh
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-gypk-ukbc-7qe3
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-q4qx-7s1y-q3hc
11
vulnerability VCID-rdgr-yuu7-xkey
12
vulnerability VCID-sbmj-9trz-2ybf
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-vevm-4sfk-f7gq
15
vulnerability VCID-wbuz-qcp3-43aq
16
vulnerability VCID-zw3u-6ue7-efdf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.4
aliases GHSA-qf65-hph9-453r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8pv-9upr-y7gd
15
url VCID-ty3y-k9t2-qyba
vulnerability_id VCID-ty3y-k9t2-qyba
summary 
Drupal Malicious file upload with filenames stating with dot
Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.

Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file.

After this fix, file_save_upload() now trims leading and trailing dots from filenames.
references
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-2.yaml
2
reference_url https://www.drupal.org/sa-core-2019-010
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-010
3
reference_url https://github.com/advisories/GHSA-58xv-7h9r-mx3c
reference_id GHSA-58xv-7h9r-mx3c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58xv-7h9r-mx3c
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.11
purl pkg:composer/drupal/drupal@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5618-53yg-8qh4
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-cvxp-ctj9-guej
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kh51-g4cv-tqaw
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n119-gta2-kfg1
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-nj3a-eb59-jygs
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-uqcw-p8g2-cfd2
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
18
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11
1
url pkg:composer/drupal/drupal@8.8.1
purl pkg:composer/drupal/drupal@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-5618-53yg-8qh4
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-cvxp-ctj9-guej
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-gbz5-5frj-hber
9
vulnerability VCID-k1gx-nznx-7qd6
10
vulnerability VCID-kh51-g4cv-tqaw
11
vulnerability VCID-mapb-hsvc-2khc
12
vulnerability VCID-mhk6-9qdy-83f3
13
vulnerability VCID-n119-gta2-kfg1
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-nj3a-eb59-jygs
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-r8pv-9upr-y7gd
18
vulnerability VCID-rdgr-yuu7-xkey
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-uqcw-p8g2-cfd2
21
vulnerability VCID-v9v6-ae3e-g3hk
22
vulnerability VCID-vevm-4sfk-f7gq
23
vulnerability VCID-wbuz-qcp3-43aq
24
vulnerability VCID-wbvy-zrtk-audw
25
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1
aliases GHSA-58xv-7h9r-mx3c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty3y-k9t2-qyba
16
url VCID-u4w3-usvb-jyf6
vulnerability_id VCID-u4w3-usvb-jyf6
summary 
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
reference_id
reference_type
scores
0
value 0.86443
scoring_system epss
scoring_elements 0.99404
published_at 2026-04-02T12:55:00Z
1
value 0.86443
scoring_system epss
scoring_elements 0.99405
published_at 2026-04-04T12:55:00Z
2
value 0.87227
scoring_system epss
scoring_elements 0.99449
published_at 2026-04-13T12:55:00Z
3
value 0.87227
scoring_system epss
scoring_elements 0.99448
published_at 2026-04-11T12:55:00Z
4
value 0.87227
scoring_system epss
scoring_elements 0.99447
published_at 2026-04-09T12:55:00Z
5
value 0.87227
scoring_system epss
scoring_elements 0.99445
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/github/advisory-database/pull/4827
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4827
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
4
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://senscybersecurity.nl/CVE-2024-45440-Explained
5
reference_url https://www.drupal.org/project/drupal/issues/3457781
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://www.drupal.org/project/drupal/issues/3457781
6
reference_url https://www.drupal.org/project/drupal/releases/10.2.9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.2.9
7
reference_url https://www.drupal.org/project/drupal/releases/10.3.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.3.6
8
reference_url https://www.drupal.org/project/drupal/releases/11.0.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/11.0.5
9
reference_url https://www.exploit-db.com/exploits/52266
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52266
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id CVE-2024-45440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
11
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained/
reference_id CVE-2024-45440-Explained
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://senscybersecurity.nl/CVE-2024-45440-Explained/
12
reference_url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
reference_id GHSA-mg8j-w93w-xjgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
fixed_packages
0
url pkg:composer/drupal/drupal@10.2.9
purl pkg:composer/drupal/drupal@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-rdgr-yuu7-xkey
4
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.9
1
url pkg:composer/drupal/drupal@10.3.0-beta1
purl pkg:composer/drupal/drupal@10.3.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.0-beta1
2
url pkg:composer/drupal/drupal@10.3.6
purl pkg:composer/drupal/drupal@10.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-rdgr-yuu7-xkey
4
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.6
3
url pkg:composer/drupal/drupal@11.0.0-alpha1
purl pkg:composer/drupal/drupal@11.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.0-alpha1
4
url pkg:composer/drupal/drupal@11.0.5
purl pkg:composer/drupal/drupal@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.5
aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4w3-usvb-jyf6
17
url VCID-uqcw-p8g2-cfd2
vulnerability_id VCID-uqcw-p8g2-cfd2
summary 
Exposure of Resource to Wrong Sphere
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62226
published_at 2026-04-01T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62313
published_at 2026-04-04T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62283
published_at 2026-04-02T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62334
published_at 2026-04-13T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62355
published_at 2026-04-12T12:55:00Z
5
value 0.00427
scoring_system epss
scoring_elements 0.62366
published_at 2026-04-11T12:55:00Z
6
value 0.00427
scoring_system epss
scoring_elements 0.62346
published_at 2026-04-09T12:55:00Z
7
value 0.00427
scoring_system epss
scoring_elements 0.62329
published_at 2026-04-08T12:55:00Z
8
value 0.00427
scoring_system epss
scoring_elements 0.62279
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
3
reference_url https://www.drupal.org/sa-core-2020-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-011
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
reference_id CVE-2020-13670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
7
reference_url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
reference_id GHSA-mmjr-5q74-p3m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
fixed_packages
0
url pkg:composer/drupal/drupal@8.8.10
purl pkg:composer/drupal/drupal@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-q4qx-7s1y-q3hc
11
vulnerability VCID-r8pv-9upr-y7gd
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-v9v6-ae3e-g3hk
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10
1
url pkg:composer/drupal/drupal@8.9.6
purl pkg:composer/drupal/drupal@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-kc7d-5k6x-77bp
9
vulnerability VCID-mapb-hsvc-2khc
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-rdgr-yuu7-xkey
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-v9v6-ae3e-g3hk
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-wbuz-qcp3-43aq
18
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6
2
url pkg:composer/drupal/drupal@9.0.6
purl pkg:composer/drupal/drupal@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-kc7d-5k6x-77bp
9
vulnerability VCID-mapb-hsvc-2khc
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-rdgr-yuu7-xkey
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-v9v6-ae3e-g3hk
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-wbuz-qcp3-43aq
18
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6
aliases CVE-2020-13670, GHSA-mmjr-5q74-p3m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqcw-p8g2-cfd2
18
url VCID-vevm-4sfk-f7gq
vulnerability_id VCID-vevm-4sfk-f7gq
summary 
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
reference_id
reference_type
scores
0
value 0.00848
scoring_system epss
scoring_elements 0.74805
published_at 2026-04-02T12:55:00Z
1
value 0.00848
scoring_system epss
scoring_elements 0.74846
published_at 2026-04-13T12:55:00Z
2
value 0.00848
scoring_system epss
scoring_elements 0.74856
published_at 2026-04-12T12:55:00Z
3
value 0.00848
scoring_system epss
scoring_elements 0.74877
published_at 2026-04-11T12:55:00Z
4
value 0.00848
scoring_system epss
scoring_elements 0.74853
published_at 2026-04-09T12:55:00Z
5
value 0.00848
scoring_system epss
scoring_elements 0.74806
published_at 2026-04-07T12:55:00Z
6
value 0.00848
scoring_system epss
scoring_elements 0.74833
published_at 2026-04-04T12:55:00Z
7
value 0.00848
scoring_system epss
scoring_elements 0.74839
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
4
reference_url https://www.drupal.org/sa-core-2024-004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/
url https://www.drupal.org/sa-core-2024-004
5
reference_url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
reference_id GHSA-7cwc-fjqm-8vh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
fixed_packages
0
url pkg:composer/drupal/drupal@10.2.11
purl pkg:composer/drupal/drupal@10.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.2.11
1
url pkg:composer/drupal/drupal@10.3.9
purl pkg:composer/drupal/drupal@10.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.3.9
2
url pkg:composer/drupal/drupal@11.0.8
purl pkg:composer/drupal/drupal@11.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@11.0.8
aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vevm-4sfk-f7gq
19
url VCID-w3q4-838v-97ck
vulnerability_id VCID-w3q4-838v-97ck
summary 
Drupal core Denial of Service
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
references
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2019-12-18-1.yaml
2
reference_url https://www.drupal.org/sa-core-2019-009
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-009
3
reference_url https://github.com/advisories/GHSA-w333-5f96-mjrr
reference_id GHSA-w333-5f96-mjrr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w333-5f96-mjrr
fixed_packages
0
url pkg:composer/drupal/drupal@8.7.11
purl pkg:composer/drupal/drupal@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5618-53yg-8qh4
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-cvxp-ctj9-guej
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kh51-g4cv-tqaw
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n119-gta2-kfg1
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-nj3a-eb59-jygs
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-uqcw-p8g2-cfd2
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
18
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11
1
url pkg:composer/drupal/drupal@8.8.1
purl pkg:composer/drupal/drupal@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-5618-53yg-8qh4
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-6m8x-cfzp-tkf4
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-cvxp-ctj9-guej
7
vulnerability VCID-dgjq-y5zj-cud1
8
vulnerability VCID-gbz5-5frj-hber
9
vulnerability VCID-k1gx-nznx-7qd6
10
vulnerability VCID-kh51-g4cv-tqaw
11
vulnerability VCID-mapb-hsvc-2khc
12
vulnerability VCID-mhk6-9qdy-83f3
13
vulnerability VCID-n119-gta2-kfg1
14
vulnerability VCID-n7un-zgqv-jfef
15
vulnerability VCID-nj3a-eb59-jygs
16
vulnerability VCID-q4qx-7s1y-q3hc
17
vulnerability VCID-r8pv-9upr-y7gd
18
vulnerability VCID-rdgr-yuu7-xkey
19
vulnerability VCID-u4w3-usvb-jyf6
20
vulnerability VCID-uqcw-p8g2-cfd2
21
vulnerability VCID-v9v6-ae3e-g3hk
22
vulnerability VCID-vevm-4sfk-f7gq
23
vulnerability VCID-wbuz-qcp3-43aq
24
vulnerability VCID-wbvy-zrtk-audw
25
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1
aliases GHSA-w333-5f96-mjrr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3q4-838v-97ck
20
url VCID-wbuz-qcp3-43aq
vulnerability_id VCID-wbuz-qcp3-43aq
summary 
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
reference_id
reference_type
scores
0
value 0.00933
scoring_system epss
scoring_elements 0.76084
published_at 2026-04-02T12:55:00Z
1
value 0.00933
scoring_system epss
scoring_elements 0.7614
published_at 2026-04-13T12:55:00Z
2
value 0.00933
scoring_system epss
scoring_elements 0.76143
published_at 2026-04-12T12:55:00Z
3
value 0.00933
scoring_system epss
scoring_elements 0.76167
published_at 2026-04-11T12:55:00Z
4
value 0.00933
scoring_system epss
scoring_elements 0.76142
published_at 2026-04-09T12:55:00Z
5
value 0.00933
scoring_system epss
scoring_elements 0.76128
published_at 2026-04-08T12:55:00Z
6
value 0.00933
scoring_system epss
scoring_elements 0.76095
published_at 2026-04-07T12:55:00Z
7
value 0.00933
scoring_system epss
scoring_elements 0.76116
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
3
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
4
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
5
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
6
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://www.drupal.org/sa-core-2022-006
7
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id 1008236
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
10
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
11
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
12
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
fixed_packages
0
url pkg:composer/drupal/drupal@9.2.16
purl pkg:composer/drupal/drupal@9.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-674z-nf4t-b7ez
3
vulnerability VCID-6ck5-9e5b-w3ay
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-mapb-hsvc-2khc
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-rdgr-yuu7-xkey
10
vulnerability VCID-u4w3-usvb-jyf6
11
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.16
1
url pkg:composer/drupal/drupal@9.3.0-alpha1
purl pkg:composer/drupal/drupal@9.3.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-dgjq-y5zj-cud1
4
vulnerability VCID-mapb-hsvc-2khc
5
vulnerability VCID-n7un-zgqv-jfef
6
vulnerability VCID-q4qx-7s1y-q3hc
7
vulnerability VCID-rdgr-yuu7-xkey
8
vulnerability VCID-u4w3-usvb-jyf6
9
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.0-alpha1
2
url pkg:composer/drupal/drupal@9.3.9
purl pkg:composer/drupal/drupal@9.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-1qgc-gjdn-9fhk
2
vulnerability VCID-2s8m-ujzb-skd1
3
vulnerability VCID-674z-nf4t-b7ez
4
vulnerability VCID-6ck5-9e5b-w3ay
5
vulnerability VCID-bbzr-hbhv-yyee
6
vulnerability VCID-dgjq-y5zj-cud1
7
vulnerability VCID-mapb-hsvc-2khc
8
vulnerability VCID-n7un-zgqv-jfef
9
vulnerability VCID-q4qx-7s1y-q3hc
10
vulnerability VCID-rdgr-yuu7-xkey
11
vulnerability VCID-u4w3-usvb-jyf6
12
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.9
3
url pkg:composer/drupal/drupal@10.0.0-alpha1
purl pkg:composer/drupal/drupal@10.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-q4qx-7s1y-q3hc
3
vulnerability VCID-rdgr-yuu7-xkey
4
vulnerability VCID-u4w3-usvb-jyf6
5
vulnerability VCID-vevm-4sfk-f7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@10.0.0-alpha1
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbuz-qcp3-43aq
21
url VCID-wbvy-zrtk-audw
vulnerability_id VCID-wbvy-zrtk-audw
summary 
Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
CVE-2020-28948
CVE-2020-28949

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.
references
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml
2
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
3
reference_url https://github.com/advisories/GHSA-j66p-fvp2-fxhj
reference_id GHSA-j66p-fvp2-fxhj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j66p-fvp2-fxhj
fixed_packages
0
url pkg:composer/drupal/drupal@8.8.12
purl pkg:composer/drupal/drupal@8.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-k1gx-nznx-7qd6
6
vulnerability VCID-mapb-hsvc-2khc
7
vulnerability VCID-n7un-zgqv-jfef
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-r8pv-9upr-y7gd
10
vulnerability VCID-rdgr-yuu7-xkey
11
vulnerability VCID-u4w3-usvb-jyf6
12
vulnerability VCID-vevm-4sfk-f7gq
13
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.12
1
url pkg:composer/drupal/drupal@8.9.10
purl pkg:composer/drupal/drupal@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-k1gx-nznx-7qd6
6
vulnerability VCID-kc7d-5k6x-77bp
7
vulnerability VCID-mapb-hsvc-2khc
8
vulnerability VCID-n7un-zgqv-jfef
9
vulnerability VCID-q4qx-7s1y-q3hc
10
vulnerability VCID-r8pv-9upr-y7gd
11
vulnerability VCID-rdgr-yuu7-xkey
12
vulnerability VCID-u4w3-usvb-jyf6
13
vulnerability VCID-vevm-4sfk-f7gq
14
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.10
2
url pkg:composer/drupal/drupal@9.0.9
purl pkg:composer/drupal/drupal@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-k1gx-nznx-7qd6
6
vulnerability VCID-kc7d-5k6x-77bp
7
vulnerability VCID-mapb-hsvc-2khc
8
vulnerability VCID-n7un-zgqv-jfef
9
vulnerability VCID-q4qx-7s1y-q3hc
10
vulnerability VCID-r8pv-9upr-y7gd
11
vulnerability VCID-rdgr-yuu7-xkey
12
vulnerability VCID-u4w3-usvb-jyf6
13
vulnerability VCID-vevm-4sfk-f7gq
14
vulnerability VCID-wbuz-qcp3-43aq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.9
aliases GHSA-j66p-fvp2-fxhj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbvy-zrtk-audw
22
url VCID-ww44-hb2y-mfd5
vulnerability_id VCID-ww44-hb2y-mfd5
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44824
published_at 2026-04-01T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.44927
published_at 2026-04-04T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.44907
published_at 2026-04-02T12:55:00Z
3
value 0.00223
scoring_system epss
scoring_elements 0.44913
published_at 2026-04-13T12:55:00Z
4
value 0.00223
scoring_system epss
scoring_elements 0.44911
published_at 2026-04-12T12:55:00Z
5
value 0.00223
scoring_system epss
scoring_elements 0.44943
published_at 2026-04-11T12:55:00Z
6
value 0.00223
scoring_system epss
scoring_elements 0.44922
published_at 2026-04-09T12:55:00Z
7
value 0.00223
scoring_system epss
scoring_elements 0.4492
published_at 2026-04-08T12:55:00Z
8
value 0.00223
scoring_system epss
scoring_elements 0.44868
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
3
reference_url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
4
reference_url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
5
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
reference_id CVE-2020-13668
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
9
reference_url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
reference_id GHSA-m6q5-wv4x-fv6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
fixed_packages
0
url pkg:composer/drupal/drupal@8.8.10
purl pkg:composer/drupal/drupal@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n7un-zgqv-jfef
10
vulnerability VCID-q4qx-7s1y-q3hc
11
vulnerability VCID-r8pv-9upr-y7gd
12
vulnerability VCID-rdgr-yuu7-xkey
13
vulnerability VCID-u4w3-usvb-jyf6
14
vulnerability VCID-v9v6-ae3e-g3hk
15
vulnerability VCID-vevm-4sfk-f7gq
16
vulnerability VCID-wbuz-qcp3-43aq
17
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10
1
url pkg:composer/drupal/drupal@8.9.6
purl pkg:composer/drupal/drupal@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-kc7d-5k6x-77bp
9
vulnerability VCID-mapb-hsvc-2khc
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-rdgr-yuu7-xkey
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-v9v6-ae3e-g3hk
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-wbuz-qcp3-43aq
18
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6
2
url pkg:composer/drupal/drupal@9.0.6
purl pkg:composer/drupal/drupal@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-6ck5-9e5b-w3ay
3
vulnerability VCID-6m8x-cfzp-tkf4
4
vulnerability VCID-bbzr-hbhv-yyee
5
vulnerability VCID-dgjq-y5zj-cud1
6
vulnerability VCID-gbz5-5frj-hber
7
vulnerability VCID-k1gx-nznx-7qd6
8
vulnerability VCID-kc7d-5k6x-77bp
9
vulnerability VCID-mapb-hsvc-2khc
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-q4qx-7s1y-q3hc
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-rdgr-yuu7-xkey
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-v9v6-ae3e-g3hk
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-wbuz-qcp3-43aq
18
vulnerability VCID-wbvy-zrtk-audw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6
aliases CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww44-hb2y-mfd5
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.8