| 0 |
| url |
VCID-1922-fwnz-wkbt |
| vulnerability_id |
VCID-1922-fwnz-wkbt |
| summary |
Improper Privilege Management
When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6924 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65375 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65457 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65484 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65498 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65468 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65415 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65451 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00488 |
| scoring_system |
epss |
| scoring_elements |
0.65424 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6924 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6924 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:N |
|
| 1 |
| value |
7.4 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6924 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.0 |
| purl |
pkg:composer/drupal/drupal@8.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 3 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 4 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 5 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 6 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 7 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 8 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 9 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 10 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 11 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 12 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 13 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 14 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 15 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 16 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 17 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 18 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 19 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 20 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 21 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 22 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 23 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 24 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 25 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 26 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 27 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 28 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 29 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 30 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 31 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 32 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 33 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 34 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 35 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 36 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 37 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 38 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 39 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 40 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 41 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 42 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 43 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 44 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 45 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 46 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 47 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 48 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 49 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 50 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.0 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.3.7 |
| purl |
pkg:composer/drupal/drupal@8.3.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 3 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 4 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 5 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 8 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 9 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 10 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 11 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 12 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 13 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 14 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 15 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 16 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 17 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 18 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 19 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 20 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 21 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 22 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 23 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 24 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 25 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 26 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 27 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 28 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 29 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 30 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 31 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 32 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 33 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 34 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 35 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 36 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 37 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 38 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 39 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 40 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 41 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 42 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 43 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 44 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 45 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 46 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.7 |
|
|
| aliases |
CVE-2017-6924, GHSA-p8g6-5mg7-9r5q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1922-fwnz-wkbt |
|
| 1 |
| url |
VCID-349d-w26k-mqfw |
| vulnerability_id |
VCID-349d-w26k-mqfw |
| summary |
Moderately critical - Third-party libraries - SA-CORE-2019-007
The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11831 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09656 |
| scoring_system |
epss |
| scoring_elements |
0.92901 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.09656 |
| scoring_system |
epss |
| scoring_elements |
0.929 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.09656 |
| scoring_system |
epss |
| scoring_elements |
0.92902 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.09656 |
| scoring_system |
epss |
| scoring_elements |
0.92897 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.10327 |
| scoring_system |
epss |
| scoring_elements |
0.93164 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.10327 |
| scoring_system |
epss |
| scoring_elements |
0.93155 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.10327 |
| scoring_system |
epss |
| scoring_elements |
0.93175 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.10327 |
| scoring_system |
epss |
| scoring_elements |
0.93167 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.10327 |
| scoring_system |
epss |
| scoring_elements |
0.93168 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11831 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.16 |
| purl |
pkg:composer/drupal/drupal@8.6.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 1 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 2 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 3 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 4 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 5 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 6 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 7 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 8 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 11 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 12 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 17 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 18 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 19 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.16 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.7.1 |
| purl |
pkg:composer/drupal/drupal@8.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 9 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 10 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 11 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 12 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 13 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 14 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 15 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 16 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 17 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 18 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 19 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 20 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 21 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 22 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.1 |
|
|
| aliases |
CVE-2019-11831, GHSA-xv7v-rf6g-xwrc
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-349d-w26k-mqfw |
|
| 2 |
| url |
VCID-381m-cmnk-ykef |
| vulnerability_id |
VCID-381m-cmnk-ykef |
| summary |
Information Exposure
The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6212 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67474 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67515 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67548 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67561 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67539 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67525 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67473 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67495 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00537 |
| scoring_system |
epss |
| scoring_elements |
0.67438 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6212 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.0 |
| purl |
pkg:composer/drupal/drupal@8.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-4wwt-vt76-dbe1 |
|
| 7 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 8 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 9 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 10 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 11 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 12 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 13 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 14 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 15 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 16 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 17 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 18 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 19 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 20 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 21 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 22 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 23 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 24 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 25 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 26 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 27 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 28 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 29 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 56 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 57 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 58 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
| 59 |
| vulnerability |
VCID-yty5-zn46-r3dj |
|
| 60 |
| vulnerability |
VCID-zvtp-4we3-qygx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.1.3 |
| purl |
pkg:composer/drupal/drupal@8.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-4wwt-vt76-dbe1 |
|
| 7 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 8 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 9 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 10 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 11 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 12 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 13 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 14 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 15 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 16 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 17 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 18 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 19 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 20 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 21 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 22 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 23 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 24 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 25 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 26 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 27 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 28 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 29 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 56 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 57 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 58 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
| 59 |
| vulnerability |
VCID-yty5-zn46-r3dj |
|
| 60 |
| vulnerability |
VCID-zvtp-4we3-qygx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.3 |
|
|
| aliases |
CVE-2016-6212, GHSA-rfxx-gxwc-923c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-381m-cmnk-ykef |
|
| 3 |
| url |
VCID-3fka-y25d-m7a3 |
| vulnerability_id |
VCID-3fka-y25d-m7a3 |
| summary |
Improper Input Validation
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6339 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.98913 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.98921 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.9892 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.98918 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.98919 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.98917 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.98912 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.76091 |
| scoring_system |
epss |
| scoring_elements |
0.98915 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6339 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6339 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6339 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.9 |
| purl |
pkg:composer/drupal/drupal@8.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.6 |
| purl |
pkg:composer/drupal/drupal@8.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 2 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 7 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 8 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 13 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 14 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 15 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 16 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 17 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 18 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 19 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 20 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 21 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 22 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 23 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 24 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6 |
|
|
| aliases |
CVE-2019-6339, GHSA-8cw5-rv98-5c46
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3fka-y25d-m7a3 |
|
| 4 |
| url |
VCID-3hf4-tvxn-zyh4 |
| vulnerability_id |
VCID-3hf4-tvxn-zyh4 |
| summary |
Files uploaded by anonymous users accessed by other users
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6922 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.82674 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.8274 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.82744 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.82749 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.82732 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.82726 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.827 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.82704 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.01788 |
| scoring_system |
epss |
| scoring_elements |
0.8269 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6922 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6922 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:S/C:P/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6922 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.4 |
| purl |
pkg:composer/drupal/drupal@8.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 3 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 4 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 5 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 8 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 9 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 10 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 11 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 12 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 13 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 14 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 15 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 16 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 17 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 18 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 19 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 20 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 21 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 22 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 23 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 24 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 25 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 26 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 27 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 28 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 29 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 30 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 31 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 32 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 33 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 34 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 35 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 36 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 37 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 38 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 39 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 40 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 41 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 42 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 43 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 44 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 45 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 46 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4 |
|
|
| aliases |
CVE-2017-6922, GHSA-58f3-cx8p-h8jg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3hf4-tvxn-zyh4 |
|
| 5 |
| url |
VCID-48ut-ykkc-83fx |
| vulnerability_id |
VCID-48ut-ykkc-83fx |
| summary |
Comment reply form allows access to restricted content
Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6926 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58547 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58437 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58522 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58542 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58564 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58571 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58587 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58567 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6926 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 15 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 16 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 17 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 18 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 19 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 20 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 21 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 22 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 23 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 24 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 25 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 26 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 27 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 28 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 29 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 30 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 31 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 32 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 33 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 34 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 35 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 36 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 37 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 38 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 39 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 40 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6926, GHSA-2p28-5mvp-2j2r
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-48ut-ykkc-83fx |
|
| 6 |
| url |
VCID-4aer-46u2-23f6 |
| vulnerability_id |
VCID-4aer-46u2-23f6 |
| summary |
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-9861 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.5884 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58802 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58821 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58698 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58794 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58763 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58815 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58822 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-9861 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-9861 |
| reference_id |
CVE-2018-9861 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-9861 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.7 |
| purl |
pkg:composer/drupal/drupal@8.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 13 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 14 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 15 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 16 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 17 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 18 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 19 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 20 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 21 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 22 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 23 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 24 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 25 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 26 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 27 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 28 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 29 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 30 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 31 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 32 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 33 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 34 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 35 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 36 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.2 |
| purl |
pkg:composer/drupal/drupal@8.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 13 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 14 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 15 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 16 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 17 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 18 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 19 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 20 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 21 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 22 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 23 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 24 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 25 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 26 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 27 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 28 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 29 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 30 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 31 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 32 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 33 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 34 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 35 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 36 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 37 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2 |
|
|
| aliases |
CVE-2018-9861, GHSA-g78h-pf65-46rv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4aer-46u2-23f6 |
|
| 7 |
| url |
VCID-4wwt-vt76-dbe1 |
| vulnerability_id |
VCID-4wwt-vt76-dbe1 |
| summary |
Cross-site Scripting in HTTP exceptions
An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7571 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.6002 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60045 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.59943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60068 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60085 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.601 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60079 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60065 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60015 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7571 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.10 |
| purl |
pkg:composer/drupal/drupal@8.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 18 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 19 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 20 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 21 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 22 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 23 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 24 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 25 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 26 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 27 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 28 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 29 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 30 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 31 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 32 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 33 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 34 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 35 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 36 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 37 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 38 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 39 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 40 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 41 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 42 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 43 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 44 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 45 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 46 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 47 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 48 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 49 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 50 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 51 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 52 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 53 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 54 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 55 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 56 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 57 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10 |
|
|
| aliases |
CVE-2016-7571, GHSA-vhg8-x858-7wq6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4wwt-vt76-dbe1 |
|
| 8 |
| url |
VCID-565p-mgqe-gkfc |
| vulnerability_id |
VCID-565p-mgqe-gkfc |
| summary |
Cross-site Scripting vulnerability in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.12 |
| purl |
pkg:composer/drupal/drupal@8.6.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 7 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 8 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 9 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 10 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 11 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 12 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 13 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 14 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 15 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 16 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 17 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 18 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 19 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 20 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 21 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 22 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.12 |
|
|
| aliases |
2019-03-20
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-565p-mgqe-gkfc |
|
| 9 |
| url |
VCID-5tqs-qmqn-gug5 |
| vulnerability_id |
VCID-5tqs-qmqn-gug5 |
| summary |
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
The Contextual Links module doesn't sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links". |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 8 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 9 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 10 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 11 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 12 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 13 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 14 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 15 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 16 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 17 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 18 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 19 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 20 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 21 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 22 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 23 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 24 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 25 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 26 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 27 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 28 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 29 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 30 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 31 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-jjx7-8462-w4m4
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5tqs-qmqn-gug5 |
|
| 10 |
| url |
VCID-636u-5bdw-puh4 |
| vulnerability_id |
VCID-636u-5bdw-puh4 |
| summary |
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10909 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58747 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58776 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58814 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58795 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58788 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58736 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58768 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58663 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10909 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.15 |
| purl |
pkg:composer/drupal/drupal@8.5.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 18 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 19 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 20 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.15 |
| purl |
pkg:composer/drupal/drupal@8.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 18 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 19 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 20 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15 |
|
|
| aliases |
CVE-2019-10909, GHSA-g996-q5r8-w7g2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-636u-5bdw-puh4 |
|
| 11 |
| url |
VCID-6ck5-9e5b-w3ay |
| vulnerability_id |
VCID-6ck5-9e5b-w3ay |
| summary |
Improper access control
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25275 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59084 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59071 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59107 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59144 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59126 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59123 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25275 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://www.drupal.org/sa-core-2022-012 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-012 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6ck5-9e5b-w3ay |
|
| 12 |
| url |
VCID-6m8x-cfzp-tkf4 |
| vulnerability_id |
VCID-6m8x-cfzp-tkf4 |
| summary |
Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13671 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89078 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89133 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89135 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89138 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89127 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89122 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89105 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89102 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.04504 |
| scoring_system |
epss |
| scoring_elements |
0.89087 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13671 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://www.drupal.org/sa-core-2020-012 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2020-012 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.11 |
| purl |
pkg:composer/drupal/drupal@8.8.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 8 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 9 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 10 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 11 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 12 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 13 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 14 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 15 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 16 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.9 |
| purl |
pkg:composer/drupal/drupal@8.9.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 11 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 12 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.9 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.8 |
| purl |
pkg:composer/drupal/drupal@9.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 11 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 12 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.8 |
|
|
| aliases |
CVE-2020-13671, GHSA-68jc-v27h-vhmw
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6m8x-cfzp-tkf4 |
|
| 13 |
| url |
VCID-8nda-kjr2-ufd4 |
| vulnerability_id |
VCID-8nda-kjr2-ufd4 |
| summary |
Drupal core Remote Code Execution
In Drupal core, when sending email some variables were not being sanitized for shell arguments in `DefaultMailSystem::mail()`, which could lead to remote code execution. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 8 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 9 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 10 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 11 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 12 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 13 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 14 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 15 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 16 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 17 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 18 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 19 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 20 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 21 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 22 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 23 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 24 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 25 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 26 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 27 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 28 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 29 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 30 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 31 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-jf8c-36vw-98x4
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8nda-kjr2-ufd4 |
|
| 14 |
| url |
VCID-9f24-vqyt-r7dq |
| vulnerability_id |
VCID-9f24-vqyt-r7dq |
| summary |
Language fallback can be incorrect on multilingual sites with node access restrictions
When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records(). Note that the update will mark the node access tables as needing a rebuild, which will take a long time on sites with a large number of nodes. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6930 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.6218 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62065 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62125 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62156 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62126 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62176 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62194 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62211 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62201 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6930 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 15 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 16 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 17 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 18 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 19 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 20 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 21 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 22 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 23 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 24 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 25 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 26 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 27 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 28 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 29 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 30 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 31 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 32 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 33 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 34 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 35 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 36 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 37 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 38 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 39 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 40 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6930, GHSA-3327-jr93-7hq3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9f24-vqyt-r7dq |
|
| 15 |
| url |
VCID-9vdz-1jpq-kue3 |
| vulnerability_id |
VCID-9vdz-1jpq-kue3 |
| summary |
Cross-site Scripting
XSS vulnerabiltiy in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.7 |
| purl |
pkg:composer/drupal/drupal@8.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 13 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 14 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 15 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 16 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 17 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 18 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 19 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 20 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 21 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 22 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 23 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 24 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 25 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 26 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 27 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 28 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 29 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 30 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 31 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 32 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 33 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 34 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 35 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 36 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.0-alpha1 |
| purl |
pkg:composer/drupal/drupal@8.5.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 13 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 14 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 15 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 16 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 17 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 18 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 19 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 20 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 21 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 22 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 23 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 24 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 25 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 26 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 27 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 28 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 29 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 30 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 31 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 32 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 33 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 34 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 35 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 36 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.0-alpha1 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@8.5.2 |
| purl |
pkg:composer/drupal/drupal@8.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 13 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 14 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 15 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 16 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 17 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 18 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 19 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 20 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 21 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 22 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 23 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 24 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 25 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 26 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 27 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 28 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 29 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 30 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 31 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 32 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 33 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 34 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 35 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 36 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 37 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2 |
|
|
| aliases |
2018-04-18
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9vdz-1jpq-kue3 |
|
| 16 |
| url |
VCID-bbzr-hbhv-yyee |
| vulnerability_id |
VCID-bbzr-hbhv-yyee |
| summary |
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25273 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51563 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51603 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51577 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51523 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51624 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51574 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00282 |
| scoring_system |
epss |
| scoring_elements |
0.51536 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25273 |
|
| 1 |
|
| 2 |
| reference_url |
https://www.drupal.org/sa-core-2022-008 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-008 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25273, GHSA-g36h-4jr6-qmm9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bbzr-hbhv-yyee |
|
| 17 |
| url |
VCID-c9dm-17vt-4bbc |
| vulnerability_id |
VCID-c9dm-17vt-4bbc |
| summary |
Improper Access Control in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
2018-10-17-1
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c9dm-17vt-4bbc |
|
| 18 |
| url |
VCID-cucx-jfqf-pkd1 |
| vulnerability_id |
VCID-cucx-jfqf-pkd1 |
| summary |
Deserialization of Untrusted Data
Drupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6338 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.77449 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.77504 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.77507 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.77526 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.775 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.77491 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.77461 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.7748 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.01047 |
| scoring_system |
epss |
| scoring_elements |
0.77455 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6338 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6338 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:S/C:P/I:P/A:P |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6338 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.9 |
| purl |
pkg:composer/drupal/drupal@8.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.9 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.6 |
| purl |
pkg:composer/drupal/drupal@8.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 2 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 7 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 8 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 13 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 14 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 15 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 16 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 17 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 18 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 19 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 20 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 21 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 22 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 23 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 24 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.6 |
|
|
| aliases |
CVE-2019-6338, GHSA-6rmq-x2hv-vxpp
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cucx-jfqf-pkd1 |
|
| 19 |
| url |
VCID-d4qd-ut89-gbf4 |
| vulnerability_id |
VCID-d4qd-ut89-gbf4 |
| summary |
Remote code execution
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6381 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.87217 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.87259 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.87263 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.87269 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.87233 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.87207 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.87257 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.8725 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.03314 |
| scoring_system |
epss |
| scoring_elements |
0.8723 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6381 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6381 |
| reference_id |
CVE-2017-6381 |
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6381 |
|
| 68 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.0-beta1 |
| purl |
pkg:composer/drupal/drupal@8.1.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-381m-cmnk-ykef |
|
| 3 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 4 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 5 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 6 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 7 |
| vulnerability |
VCID-4wwt-vt76-dbe1 |
|
| 8 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 9 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 10 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 11 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 12 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 13 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 14 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 15 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 16 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 17 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 18 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 19 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 20 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 21 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 22 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 23 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 24 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 25 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 26 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 27 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 28 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 29 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 56 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 57 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
| 58 |
| vulnerability |
VCID-yty5-zn46-r3dj |
|
| 59 |
| vulnerability |
VCID-zawz-vky5-tkgt |
|
| 60 |
| vulnerability |
VCID-zvtp-4we3-qygx |
|
| 61 |
| vulnerability |
VCID-zxqc-67jp-uba7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0-beta1 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.2.0-beta1 |
| purl |
pkg:composer/drupal/drupal@8.2.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 23 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 24 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 25 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 26 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 27 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 28 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 29 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 30 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 31 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 32 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 33 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 34 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 35 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 36 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 37 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 38 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 39 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 40 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 41 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 42 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 43 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 44 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 45 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 46 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 47 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 48 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 49 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 50 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 51 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 52 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 53 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 54 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 55 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.0-beta1 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@8.2.2 |
| purl |
pkg:composer/drupal/drupal@8.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hpsp-5qtj-v7dq |
|
| 23 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 24 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 25 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 26 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 27 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 28 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 29 |
| vulnerability |
VCID-m1ur-bb9m-m7d5 |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 56 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 57 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 58 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.2 |
|
| 3 |
| url |
pkg:composer/drupal/drupal@8.2.7 |
| purl |
pkg:composer/drupal/drupal@8.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 23 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 24 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 25 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 26 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 27 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 28 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 29 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 30 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 31 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 32 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 33 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 34 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 35 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 36 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 37 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 38 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 39 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 40 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 41 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 42 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 43 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 44 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 45 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 46 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 47 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 48 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 49 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 50 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 51 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 52 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 53 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.7 |
|
|
| aliases |
CVE-2017-6381, GHSA-rhx9-3qf7-r3j7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d4qd-ut89-gbf4 |
|
| 20 |
| url |
VCID-dgjq-y5zj-cud1 |
| vulnerability_id |
VCID-dgjq-y5zj-cud1 |
| summary |
Improper Access Control
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25278 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.63732 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.63711 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.63737 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.63697 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.63749 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.63766 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.6378 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00452 |
| scoring_system |
epss |
| scoring_elements |
0.63765 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25278 |
|
| 1 |
|
| 2 |
| reference_url |
https://www.drupal.org/sa-core-2022-013 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-013 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25278, GHSA-cfh2-7f6h-3m85
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dgjq-y5zj-cud1 |
|
| 21 |
| url |
VCID-fm5k-u7s6-wfhb |
| vulnerability_id |
VCID-fm5k-u7s6-wfhb |
| summary |
Entity Access Bypass
In versions of Drupal 8 core ; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6925 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69873 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69888 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69861 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69923 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69938 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69953 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69929 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69913 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00617 |
| scoring_system |
epss |
| scoring_elements |
0.69865 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6925 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6925 |
| reference_id |
CVE-2017-6925 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6925 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.0 |
| purl |
pkg:composer/drupal/drupal@8.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 3 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 4 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 5 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 6 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 7 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 8 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 9 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 10 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 11 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 12 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 13 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 14 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 15 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 16 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 17 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 18 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 19 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 20 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 21 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 22 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 23 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 24 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 25 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 26 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 27 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 28 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 29 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 30 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 31 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 32 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 33 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 34 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 35 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 36 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 37 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 38 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 39 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 40 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 41 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 42 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 43 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 44 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 45 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 46 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 47 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 48 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 49 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 50 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.0 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.3.7 |
| purl |
pkg:composer/drupal/drupal@8.3.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 3 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 4 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 5 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 8 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 9 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 10 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 11 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 12 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 13 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 14 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 15 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 16 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 17 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 18 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 19 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 20 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 21 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 22 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 23 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 24 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 25 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 26 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 27 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 28 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 29 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 30 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 31 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 32 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 33 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 34 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 35 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 36 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 37 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 38 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 39 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 40 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 41 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 42 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 43 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 44 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 45 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 46 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.7 |
|
|
| aliases |
CVE-2017-6925, GHSA-f4qx-jqfq-7785
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fm5k-u7s6-wfhb |
|
| 22 |
| url |
VCID-g1rp-twzp-63e1 |
| vulnerability_id |
VCID-g1rp-twzp-63e1 |
| summary |
Cross-site Scripting
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6929 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.69505 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.69559 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.69573 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.69588 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.69567 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.6955 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.695 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.6952 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00603 |
| scoring_system |
epss |
| scoring_elements |
0.69494 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6929 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.0 |
| purl |
pkg:composer/drupal/drupal@8.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 3 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 4 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 5 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 8 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 9 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 10 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 11 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 12 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 13 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 14 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 15 |
| vulnerability |
VCID-cuk6-hskr-yyau |
|
| 16 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 17 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 18 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 19 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 20 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 21 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 22 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 23 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 24 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 25 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 26 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 27 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 28 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 29 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 30 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 31 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 32 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 33 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 34 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 35 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 36 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 37 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 38 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 39 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 40 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 41 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 42 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 43 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 44 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 45 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 46 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 47 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.0 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 15 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 16 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 17 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 18 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 19 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 20 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 21 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 22 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 23 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 24 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 25 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 26 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 27 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 28 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 29 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 30 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 31 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 32 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 33 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 34 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 35 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 36 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 37 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 38 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 39 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 40 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6929, GHSA-5vpr-v24w-mmjj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g1rp-twzp-63e1 |
|
| 23 |
| url |
VCID-ga35-289v-vqhr |
| vulnerability_id |
VCID-ga35-289v-vqhr |
| summary |
Drupal Core Remote Code Execution Vulnerability
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://greysec.net/showthread.php?tid=2912&pid=10561 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://greysec.net/showthread.php?tid=2912&pid=10561 |
|
| 6 |
| reference_url |
https://groups.drupal.org/security/faq-2018-002 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://groups.drupal.org/security/faq-2018-002 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://twitter.com/RicterZ/status/979567469726613504 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://twitter.com/RicterZ/status/979567469726613504 |
|
| 11 |
| reference_url |
https://twitter.com/RicterZ/status/984495201354854401 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://twitter.com/RicterZ/status/984495201354854401 |
|
| 12 |
|
| 13 |
| reference_url |
https://www.debian.org/security/2018/dsa-4156 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://www.debian.org/security/2018/dsa-4156 |
|
| 14 |
| reference_url |
https://www.drupal.org/sa-core-2018-002 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2018-002 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.securityfocus.com/bid/103534 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
http://www.securityfocus.com/bid/103534 |
|
| 21 |
| reference_url |
http://www.securitytracker.com/id/1040598 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
http://www.securitytracker.com/id/1040598 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/a2u/CVE-2018-7600 |
| reference_id |
CVE-2018-7600 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://github.com/a2u/CVE-2018-7600 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE |
| reference_id |
CVE-2018-7600-DRUPAL-RCE |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:40:15Z/ |
|
|
| url |
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.9 |
| purl |
pkg:composer/drupal/drupal@8.3.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 15 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 16 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 17 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 18 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 19 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 20 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 21 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 22 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 23 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 24 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 25 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 26 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 27 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 28 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 29 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 30 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 31 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 32 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 33 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 34 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 35 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 36 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 37 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 38 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.9 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.4.6 |
| purl |
pkg:composer/drupal/drupal@8.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 15 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 16 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 17 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 18 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 19 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 20 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 21 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 22 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 23 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 24 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 25 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 26 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 27 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 28 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 29 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 30 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 31 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 32 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 33 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 34 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 35 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 36 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 37 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 38 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@8.5.1 |
| purl |
pkg:composer/drupal/drupal@8.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 15 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 16 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 17 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 18 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 19 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 20 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 21 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 22 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 23 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 24 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 25 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 26 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 27 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 28 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 29 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 30 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 31 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 32 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 33 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 34 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 35 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 36 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 37 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 38 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 39 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.1 |
|
|
| aliases |
CVE-2018-7600, GHSA-7fh9-933g-885p
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ga35-289v-vqhr |
|
| 24 |
| url |
VCID-gzcu-sbks-wyfa |
| vulnerability_id |
VCID-gzcu-sbks-wyfa |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
External URL injection through URL aliases in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
2018-10-17-2
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gzcu-sbks-wyfa |
|
| 25 |
| url |
VCID-hzr8-ttbu-ebhg |
| vulnerability_id |
VCID-hzr8-ttbu-ebhg |
| summary |
PECL YAML parser unsafe object handling
PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6920 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.66148 |
| scoring_system |
epss |
| scoring_elements |
0.98509 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.66148 |
| scoring_system |
epss |
| scoring_elements |
0.98518 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.66148 |
| scoring_system |
epss |
| scoring_elements |
0.98516 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.66148 |
| scoring_system |
epss |
| scoring_elements |
0.98515 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.66148 |
| scoring_system |
epss |
| scoring_elements |
0.98512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.66148 |
| scoring_system |
epss |
| scoring_elements |
0.98511 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.66148 |
| scoring_system |
epss |
| scoring_elements |
0.98507 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6920 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.4 |
| purl |
pkg:composer/drupal/drupal@8.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 3 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 4 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 5 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 8 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 9 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 10 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 11 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 12 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 13 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 14 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 15 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 16 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 17 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 18 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 19 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 20 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 21 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 22 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 23 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 24 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 25 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 26 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 27 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 28 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 29 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 30 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 31 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 32 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 33 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 34 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 35 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 36 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 37 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 38 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 39 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 40 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 41 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 42 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 43 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 44 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 45 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 46 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4 |
|
|
| aliases |
CVE-2017-6920, GHSA-9c24-g32g-35rj
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hzr8-ttbu-ebhg |
|
| 26 |
| url |
VCID-jfq8-xxwa-mkd1 |
| vulnerability_id |
VCID-jfq8-xxwa-mkd1 |
| summary |
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library [Archive_Tar](https://pear.php.net/package/Archive_Tar/), which has released a security improvement that is needed to protect some Drupal configurations.
Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.
The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 18 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 7 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 8 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-mhk6-9qdy-83f3 |
|
| 13 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 14 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 15 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 16 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 19 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 20 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 21 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 24 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 25 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-m9fv-whq2-6wmc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jfq8-xxwa-mkd1 |
|
| 27 |
| url |
VCID-jnu7-1j9c-dqck |
| vulnerability_id |
VCID-jnu7-1j9c-dqck |
| summary |
JavaScript cross-site scripting prevention is incomplete
Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6927 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80305 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80325 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80297 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.8035 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80356 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80371 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80352 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80341 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0139 |
| scoring_system |
epss |
| scoring_elements |
0.80313 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6927 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 15 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 16 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 17 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 18 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 19 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 20 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 21 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 22 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 23 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 24 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 25 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 26 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 27 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 28 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 29 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 30 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 31 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 32 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 33 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 34 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 35 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 36 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 37 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 38 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 39 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 40 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6927, GHSA-585j-5449-mf5m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jnu7-1j9c-dqck |
|
| 28 |
| url |
VCID-k1gx-nznx-7qd6 |
| vulnerability_id |
VCID-k1gx-nznx-7qd6 |
| summary |
Drupal core Cross-site Scripting (XSS) vulnerability
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13672 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68347 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68413 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68458 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68431 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68414 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68363 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68387 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00564 |
| scoring_system |
epss |
| scoring_elements |
0.68367 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13672 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13672, GHSA-3m36-mjwj-352c
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gx-nznx-7qd6 |
|
| 29 |
| url |
VCID-kh51-g4cv-tqaw |
| vulnerability_id |
VCID-kh51-g4cv-tqaw |
| summary |
Drupal core uses a vulnerable Third-party library CKEditor
The Drupal project uses the third-party library [CKEditor](https://github.com/ckeditor/ckeditor4), which has released a [security improvement](https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed) that is needed to protect some Drupal configurations.
Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access.
The latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.12 |
| purl |
pkg:composer/drupal/drupal@8.7.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 8 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 11 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 12 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 13 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 14 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 15 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 16 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.12 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.4 |
| purl |
pkg:composer/drupal/drupal@8.8.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 7 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 8 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 11 |
| vulnerability |
VCID-mhk6-9qdy-83f3 |
|
| 12 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 13 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 14 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 15 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 16 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 17 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 18 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 19 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 20 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 21 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 22 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 23 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.4 |
|
|
| aliases |
GHSA-337w-fxpq-5m34
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kh51-g4cv-tqaw |
|
| 30 |
| url |
VCID-krhy-kg1b-rfbk |
| vulnerability_id |
VCID-krhy-kg1b-rfbk |
| summary |
File REST resource does not properly validate
The file REST resource does not properly validate some fields when manipulating files. the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6921 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64204 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64289 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64262 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.6429 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64316 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64327 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64314 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64299 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64249 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6921 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6921 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6921 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.4 |
| purl |
pkg:composer/drupal/drupal@8.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 3 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 4 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 5 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 8 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 9 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 10 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 11 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 12 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 13 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 14 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 15 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 16 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 17 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 18 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 19 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 20 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 21 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 22 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 23 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 24 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 25 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 26 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 27 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 28 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 29 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 30 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 31 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 32 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 33 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 34 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 35 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 36 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 37 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 38 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 39 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 40 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 41 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 42 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 43 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 44 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 45 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 46 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4 |
|
|
| aliases |
CVE-2017-6921, GHSA-h377-287m-w2r9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-krhy-kg1b-rfbk |
|
| 31 |
| url |
VCID-mapb-hsvc-2khc |
| vulnerability_id |
VCID-mapb-hsvc-2khc |
| summary |
Unrestricted Upload of File with Dangerous Type
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.5268 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.52734 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.5275 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.52766 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.52716 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.52722 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.52671 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00294 |
| scoring_system |
epss |
| scoring_elements |
0.52706 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25277 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://www.drupal.org/sa-core-2022-014 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.2 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-014 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mapb-hsvc-2khc |
|
| 32 |
| url |
VCID-n119-gta2-kfg1 |
| vulnerability_id |
VCID-n119-gta2-kfg1 |
| summary |
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13669 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42418 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42471 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42501 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42538 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42516 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42506 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42455 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42518 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00204 |
| scoring_system |
epss |
| scoring_elements |
0.42489 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13669 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.10 |
| purl |
pkg:composer/drupal/drupal@8.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 11 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 12 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.6 |
| purl |
pkg:composer/drupal/drupal@8.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 9 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 18 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.6 |
| purl |
pkg:composer/drupal/drupal@9.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 9 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 18 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6 |
|
|
| aliases |
CVE-2020-13669, GHSA-c533-c843-67h8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n119-gta2-kfg1 |
|
| 33 |
| url |
VCID-n7un-zgqv-jfef |
| vulnerability_id |
VCID-n7un-zgqv-jfef |
| summary |
Lack of domain validation in Druple core
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25276 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.79371 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.7933 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.79353 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.79339 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.79365 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.79374 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.79397 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01256 |
| scoring_system |
epss |
| scoring_elements |
0.79382 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-25276 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-25276, GHSA-4wfq-jc9h-vpcx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n7un-zgqv-jfef |
|
| 34 |
| url |
VCID-nc36-atc6-yua6 |
| vulnerability_id |
VCID-nc36-atc6-yua6 |
| summary |
XSS Vulnerability
CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.7 |
| purl |
pkg:composer/drupal/drupal@8.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 13 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 14 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 15 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 16 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 17 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 18 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 19 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 20 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 21 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 22 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 23 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 24 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 25 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 26 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 27 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 28 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 29 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 30 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 31 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 32 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 33 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 34 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 35 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 36 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.2 |
| purl |
pkg:composer/drupal/drupal@8.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 13 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 14 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 15 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 16 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 17 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 18 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 19 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 20 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 21 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 22 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 23 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 24 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 25 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 26 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 27 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 28 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 29 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 30 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 31 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 32 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 33 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 34 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 35 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 36 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 37 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2 |
|
|
| aliases |
SA-CORE-2018-003
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nc36-atc6-yua6 |
|
| 35 |
| url |
VCID-nd8n-5dsu-2fbp |
| vulnerability_id |
VCID-nd8n-5dsu-2fbp |
| summary |
Code Injection
Injection in `DefaultMailSystem::mail()`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
2018-10-17-4
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nd8n-5dsu-2fbp |
|
| 36 |
| url |
VCID-pk74-yy1n-8qck |
| vulnerability_id |
VCID-pk74-yy1n-8qck |
| summary |
Drupal core Access control bypass
The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.
### Solution:
If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.
If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
Alternatively, you may mitigate this vulnerability by unchecking the "Enable advanced UI" checkbox on `/admin/config/media/media-library`. (This mitigation is not available in 8.7.x.) |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 18 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 7 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 8 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-mhk6-9qdy-83f3 |
|
| 13 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 14 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 15 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 16 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 19 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 20 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 21 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 24 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 25 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-5x28-3f32-x523
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pk74-yy1n-8qck |
|
| 37 |
| url |
VCID-r8pv-9upr-y7gd |
| vulnerability_id |
VCID-r8pv-9upr-y7gd |
| summary |
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.
Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.2.4 |
| purl |
pkg:composer/drupal/drupal@9.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-674z-nf4t-b7ez |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-b4yh-gyrx-3yhh |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 7 |
| vulnerability |
VCID-gypk-ukbc-7qe3 |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 11 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 12 |
| vulnerability |
VCID-sbmj-9trz-2ybf |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 15 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 16 |
| vulnerability |
VCID-zw3u-6ue7-efdf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.4 |
|
|
| aliases |
GHSA-qf65-hph9-453r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r8pv-9upr-y7gd |
|
| 38 |
| url |
VCID-rhj7-dy7q-jkhw |
| vulnerability_id |
VCID-rhj7-dy7q-jkhw |
| summary |
Drupal Core Remote Code Execution Vulnerability
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://www.drupal.org/sa-core-2019-003 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2019-003 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6340 |
| reference_id |
CVE-2019-6340 |
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6340 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.11 |
| purl |
pkg:composer/drupal/drupal@8.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 2 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 7 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 8 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 13 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 14 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 15 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 16 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 17 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 18 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 19 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 20 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 21 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 22 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 23 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.10 |
| purl |
pkg:composer/drupal/drupal@8.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 2 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 7 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 8 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 13 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 14 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 15 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 16 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 17 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 18 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 19 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 20 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 21 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 22 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 23 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.10 |
|
|
| aliases |
CVE-2019-6340, GHSA-3gx6-h57h-rm27
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rhj7-dy7q-jkhw |
|
| 39 |
| url |
VCID-rr4q-f5cv-nkah |
| vulnerability_id |
VCID-rr4q-f5cv-nkah |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
Anonymous Open Redirect in drupal. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
2018-10-17-3
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rr4q-f5cv-nkah |
|
| 40 |
| url |
VCID-s9kv-9qfu-gbdq |
| vulnerability_id |
VCID-s9kv-9qfu-gbdq |
| summary |
Incorrect Permission Assignment for Critical Resource
When using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6928 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.51075 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.5117 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.51185 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.51207 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.51162 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.51166 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.5111 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.51153 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00277 |
| scoring_system |
epss |
| scoring_elements |
0.51129 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6928 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 15 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 16 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 17 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 18 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 19 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 20 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 21 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 22 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 23 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 24 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 25 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 26 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 27 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 28 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 29 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 30 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 31 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 32 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 33 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 34 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 35 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 36 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 37 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 38 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 39 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 40 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6928, GHSA-66mv-q8r2-hj8w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s9kv-9qfu-gbdq |
|
| 41 |
| url |
VCID-sktb-khbq-cuaq |
| vulnerability_id |
VCID-sktb-khbq-cuaq |
| summary |
Incorrect cache context on password reset page
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9450 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.45439 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.4546 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.45365 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.45452 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.45451 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.45481 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.45459 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00227 |
| scoring_system |
epss |
| scoring_elements |
0.45405 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9450 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.2.3 |
| purl |
pkg:composer/drupal/drupal@8.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hpsp-5qtj-v7dq |
|
| 23 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 24 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 25 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 26 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 27 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 28 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 29 |
| vulnerability |
VCID-m1ur-bb9m-m7d5 |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 41 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 42 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 43 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 44 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 45 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 46 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 47 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 48 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 49 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 50 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 51 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 52 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 53 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 54 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 55 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3 |
|
|
| aliases |
CVE-2016-9450, GHSA-98w5-wqp9-w466
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sktb-khbq-cuaq |
|
| 42 |
| url |
VCID-t84c-8r34-57b9 |
| vulnerability_id |
VCID-t84c-8r34-57b9 |
| summary |
Drupal Content moderation Access bypass
In some conditions, drupal content moderation fails to check a users access to use certain transitions, leading to an access bypass. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 8 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 9 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 10 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 11 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 12 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 13 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 14 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 15 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 16 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 17 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 18 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 19 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 20 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 21 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 22 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 23 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 24 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 25 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 26 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 27 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 28 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 29 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 30 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 31 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-86xw-vmcx-9mj4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t84c-8r34-57b9 |
|
| 43 |
| url |
VCID-ty3y-k9t2-qyba |
| vulnerability_id |
VCID-ty3y-k9t2-qyba |
| summary |
Drupal Malicious file upload with filenames stating with dot
Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.
Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file.
After this fix, file_save_upload() now trims leading and trailing dots from filenames. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 18 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 7 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 8 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-mhk6-9qdy-83f3 |
|
| 13 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 14 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 15 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 16 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 19 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 20 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 21 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 24 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 25 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-58xv-7h9r-mx3c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ty3y-k9t2-qyba |
|
| 44 |
| url |
VCID-u1xx-aazv-bkg5 |
| vulnerability_id |
VCID-u1xx-aazv-bkg5 |
| summary |
Improper Access Control
In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
2018-10-17-5
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u1xx-aazv-bkg5 |
|
| 45 |
| url |
VCID-u4w3-usvb-jyf6 |
| vulnerability_id |
VCID-u4w3-usvb-jyf6 |
| summary |
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45440 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.86443 |
| scoring_system |
epss |
| scoring_elements |
0.99404 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.86443 |
| scoring_system |
epss |
| scoring_elements |
0.99405 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.87227 |
| scoring_system |
epss |
| scoring_elements |
0.99449 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.87227 |
| scoring_system |
epss |
| scoring_elements |
0.99448 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.87227 |
| scoring_system |
epss |
| scoring_elements |
0.99447 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.87227 |
| scoring_system |
epss |
| scoring_elements |
0.99445 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45440 |
|
| 1 |
| reference_url |
https://github.com/drupal/drupal |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/drupal/drupal |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://www.drupal.org/project/drupal/issues/3457781 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/ |
|
|
| url |
https://www.drupal.org/project/drupal/issues/3457781 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://www.exploit-db.com/exploits/52266 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/52266 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45440, GHSA-mg8j-w93w-xjgc
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u4w3-usvb-jyf6 |
|
| 46 |
| url |
VCID-uqcw-p8g2-cfd2 |
| vulnerability_id |
VCID-uqcw-p8g2-cfd2 |
| summary |
Exposure of Resource to Wrong Sphere
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13670 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62226 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62313 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62283 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62334 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62355 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62366 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62346 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62329 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62279 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13670 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.10 |
| purl |
pkg:composer/drupal/drupal@8.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 11 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 12 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.6 |
| purl |
pkg:composer/drupal/drupal@8.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 9 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 18 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.6 |
| purl |
pkg:composer/drupal/drupal@9.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 9 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 18 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6 |
|
|
| aliases |
CVE-2020-13670, GHSA-mmjr-5q74-p3m4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uqcw-p8g2-cfd2 |
|
| 47 |
| url |
VCID-utyg-huhu-2ucq |
| vulnerability_id |
VCID-utyg-huhu-2ucq |
| summary |
Drupal External URL injection through URL aliases leading to Open Redirect
The path module in Drupal allows users with the 'administer paths' to create pretty URLs for content.
In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 8 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 9 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 10 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 11 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 12 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 13 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 14 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 15 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 16 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 17 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 18 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 19 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 20 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 21 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 22 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 23 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 24 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 25 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 26 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 27 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 28 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 29 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 30 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 31 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-r67r-42wx-c8r7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-utyg-huhu-2ucq |
|
| 48 |
| url |
VCID-vevm-4sfk-f7gq |
| vulnerability_id |
VCID-vevm-4sfk-f7gq |
| summary |
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-55634 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74805 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74856 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74877 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74853 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74806 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74833 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00848 |
| scoring_system |
epss |
| scoring_elements |
0.74839 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-55634 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://www.drupal.org/sa-core-2024-004 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2024-004 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vevm-4sfk-f7gq |
|
| 49 |
| url |
VCID-vq5y-hdw3-nucj |
| vulnerability_id |
VCID-vq5y-hdw3-nucj |
| summary |
Drupal Anonymous Open Redirect
Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.5.8 |
| purl |
pkg:composer/drupal/drupal@8.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 8 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 9 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 10 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 11 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 12 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 13 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 14 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 15 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 16 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 17 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 18 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 19 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 20 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 21 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 22 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 23 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 24 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 25 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 26 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 27 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 28 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 29 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 30 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 31 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.6.2 |
| purl |
pkg:composer/drupal/drupal@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 5 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 6 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 7 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 8 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 9 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 10 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 11 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 12 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 13 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 14 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 15 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 16 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 19 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 20 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 21 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 24 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 25 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 26 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.2 |
|
|
| aliases |
GHSA-x6v2-xmrq-574j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vq5y-hdw3-nucj |
|
| 50 |
| url |
VCID-vy1y-zkf3-4ue4 |
| vulnerability_id |
VCID-vy1y-zkf3-4ue4 |
| summary |
Denial of service via transliterate mechanism
A specially crafted URL can cause a denial of service via the transliterate mechanism. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9452 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59319 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59356 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59374 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.5939 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59371 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59358 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59307 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59245 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9452 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.2.3 |
| purl |
pkg:composer/drupal/drupal@8.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hpsp-5qtj-v7dq |
|
| 23 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 24 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 25 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 26 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 27 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 28 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 29 |
| vulnerability |
VCID-m1ur-bb9m-m7d5 |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 41 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 42 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 43 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 44 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 45 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 46 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 47 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 48 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 49 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 50 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 51 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 52 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 53 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 54 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 55 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3 |
|
|
| aliases |
CVE-2016-9452, GHSA-jpj8-49hr-wcwv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vy1y-zkf3-4ue4 |
|
| 51 |
| url |
VCID-w3q4-838v-97ck |
| vulnerability_id |
VCID-w3q4-838v-97ck |
| summary |
Drupal core Denial of Service
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.7.11 |
| purl |
pkg:composer/drupal/drupal@8.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 1 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 2 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 7 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 18 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.7.11 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.8.1 |
| purl |
pkg:composer/drupal/drupal@8.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-5618-53yg-8qh4 |
|
| 3 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 4 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 5 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 6 |
| vulnerability |
VCID-cvxp-ctj9-guej |
|
| 7 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 8 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 9 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 10 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 11 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 12 |
| vulnerability |
VCID-mhk6-9qdy-83f3 |
|
| 13 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 14 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 15 |
| vulnerability |
VCID-nj3a-eb59-jygs |
|
| 16 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 17 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 18 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 19 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 20 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 21 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 22 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 23 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 24 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 25 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.1 |
|
|
| aliases |
GHSA-w333-5f96-mjrr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w3q4-838v-97ck |
|
| 52 |
| url |
VCID-wbuz-qcp3-43aq |
| vulnerability_id |
VCID-wbuz-qcp3-43aq |
| summary |
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24775 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.76084 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.7614 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.76143 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.76167 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.76142 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.76128 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.76095 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00933 |
| scoring_system |
epss |
| scoring_elements |
0.76116 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24775 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://www.drupal.org/sa-core-2022-006 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2022-006 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24775, GHSA-q7rv-6hp3-vh96
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wbuz-qcp3-43aq |
|
| 53 |
| url |
VCID-wbvy-zrtk-audw |
| vulnerability_id |
VCID-wbvy-zrtk-audw |
| summary |
Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
CVE-2020-28948
CVE-2020-28949
Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.12 |
| purl |
pkg:composer/drupal/drupal@8.8.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 6 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 7 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 8 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 9 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 10 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 11 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 12 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 13 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.12 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.10 |
| purl |
pkg:composer/drupal/drupal@8.9.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 6 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 7 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 8 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 9 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 10 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 11 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 12 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 13 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 14 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.10 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.9 |
| purl |
pkg:composer/drupal/drupal@9.0.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 4 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 5 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 6 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 7 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 8 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 9 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 10 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 11 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 12 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 13 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 14 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.9 |
|
|
| aliases |
GHSA-j66p-fvp2-fxhj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wbvy-zrtk-audw |
|
| 54 |
| url |
VCID-ww44-hb2y-mfd5 |
| vulnerability_id |
VCID-ww44-hb2y-mfd5 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13668 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44824 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44927 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44907 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44913 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44911 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44943 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44922 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.4492 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44868 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13668 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.8.10 |
| purl |
pkg:composer/drupal/drupal@8.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 9 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 10 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 11 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 12 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 13 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 14 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 15 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 16 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 17 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.10 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.9.6 |
| purl |
pkg:composer/drupal/drupal@8.9.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 9 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 18 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.6 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@9.0.6 |
| purl |
pkg:composer/drupal/drupal@9.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nf6-3q5b-gqfm |
|
| 1 |
| vulnerability |
VCID-2s8m-ujzb-skd1 |
|
| 2 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 3 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 4 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 5 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 6 |
| vulnerability |
VCID-gbz5-5frj-hber |
|
| 7 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 8 |
| vulnerability |
VCID-kc7d-5k6x-77bp |
|
| 9 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 10 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 11 |
| vulnerability |
VCID-q4qx-7s1y-q3hc |
|
| 12 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 13 |
| vulnerability |
VCID-rdgr-yuu7-xkey |
|
| 14 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 15 |
| vulnerability |
VCID-v9v6-ae3e-g3hk |
|
| 16 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 17 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 18 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.6 |
|
|
| aliases |
CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ww44-hb2y-mfd5 |
|
| 55 |
| url |
VCID-wwvq-399y-rfhc |
| vulnerability_id |
VCID-wwvq-399y-rfhc |
| summary |
Drupal Core Remote Code Execution Vulnerability
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-7602 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-7602 |
|
| 7 |
|
| 8 |
| reference_url |
https://www.debian.org/security/2018/dsa-4180 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/ |
|
|
| url |
https://www.debian.org/security/2018/dsa-4180 |
|
| 9 |
| reference_url |
https://www.drupal.org/sa-core-2018-004 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:39:15Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2018-004 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.8 |
| purl |
pkg:composer/drupal/drupal@8.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 13 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 14 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 15 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 16 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 17 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 18 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 19 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 20 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 21 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 22 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 23 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 24 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 25 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 26 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 27 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 28 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 29 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 30 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 31 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 32 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 33 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 34 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 35 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.8 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.5.3 |
| purl |
pkg:composer/drupal/drupal@8.5.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 3 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 6 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 7 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 8 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 9 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 10 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 11 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 12 |
| vulnerability |
VCID-djgn-ezxp-37eu |
|
| 13 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 14 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 15 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 16 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 17 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 18 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 19 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 20 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 21 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 22 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 23 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 24 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 25 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 26 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 27 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 28 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 29 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 30 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 31 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 32 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 33 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 34 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 35 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 36 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.3 |
|
|
| aliases |
CVE-2018-7602, GHSA-297x-j9pm-xjgg
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwvq-399y-rfhc |
|
| 56 |
| url |
VCID-y74s-ghyc-2bhs |
| vulnerability_id |
VCID-y74s-ghyc-2bhs |
| summary |
Access Bypass
This is a critical access bypass vulnerability in Drupal. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6919 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.6933 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.69386 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.694 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.69416 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.69393 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.69377 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.69327 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.69347 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00598 |
| scoring_system |
epss |
| scoring_elements |
0.69318 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6919 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6919 |
| reference_id |
CVE-2017-6919 |
| reference_type |
|
| scores |
| 0 |
| value |
6.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:S/C:P/I:P/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6919 |
|
| 81 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.0-beta1 |
| purl |
pkg:composer/drupal/drupal@8.1.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-381m-cmnk-ykef |
|
| 3 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 4 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 5 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 6 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 7 |
| vulnerability |
VCID-4wwt-vt76-dbe1 |
|
| 8 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 9 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 10 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 11 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 12 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 13 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 14 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 15 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 16 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 17 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 18 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 19 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 20 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 21 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 22 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 23 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 24 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 25 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 26 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 27 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 28 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 29 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 56 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 57 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
| 58 |
| vulnerability |
VCID-yty5-zn46-r3dj |
|
| 59 |
| vulnerability |
VCID-zawz-vky5-tkgt |
|
| 60 |
| vulnerability |
VCID-zvtp-4we3-qygx |
|
| 61 |
| vulnerability |
VCID-zxqc-67jp-uba7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0-beta1 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.2.0-beta1 |
| purl |
pkg:composer/drupal/drupal@8.2.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 23 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 24 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 25 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 26 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 27 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 28 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 29 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 30 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 31 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 32 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 33 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 34 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 35 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 36 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 37 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 38 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 39 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 40 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 41 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 42 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 43 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 44 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 45 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 46 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 47 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 48 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 49 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 50 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 51 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 52 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 53 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 54 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 55 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.0-beta1 |
|
| 2 |
| url |
pkg:composer/drupal/drupal@8.2.8 |
| purl |
pkg:composer/drupal/drupal@8.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 23 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 24 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 25 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 26 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 27 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 28 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 29 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 30 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 31 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 32 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 33 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 34 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 35 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 36 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 37 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 38 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 39 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 40 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 41 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 42 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 43 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 44 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 45 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 46 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 47 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 48 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 49 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 50 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 51 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 52 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.8 |
|
| 3 |
| url |
pkg:composer/drupal/drupal@8.3.1 |
| purl |
pkg:composer/drupal/drupal@8.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 3 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 4 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 5 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 6 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 7 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 8 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 9 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 10 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 11 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 12 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 13 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 14 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 15 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 16 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 17 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 18 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 19 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 20 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 21 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 22 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 23 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 24 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 25 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 26 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 27 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 28 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 29 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 30 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 31 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 32 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 33 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 34 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 35 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 36 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 37 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 38 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 39 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 40 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 41 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 42 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 43 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 44 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 45 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 46 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 47 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 48 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 49 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.1 |
|
|
| aliases |
CVE-2017-6919, GHSA-6hpj-9xj7-2jxx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y74s-ghyc-2bhs |
|
| 57 |
| url |
VCID-yare-57j9-j7cs |
| vulnerability_id |
VCID-yare-57j9-j7cs |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6932 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.595 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59614 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59634 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.5965 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59618 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59567 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59598 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00383 |
| scoring_system |
epss |
| scoring_elements |
0.59573 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6932 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.4.5 |
| purl |
pkg:composer/drupal/drupal@8.4.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 3 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 4 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 7 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 8 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 9 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 10 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 11 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 12 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 13 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 14 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 15 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 16 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 17 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 18 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 19 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 20 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 21 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 22 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 23 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 24 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 25 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 26 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 27 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 28 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 29 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 30 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 31 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 32 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 33 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 34 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 35 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 36 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 37 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 38 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 39 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 40 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5 |
|
|
| aliases |
CVE-2017-6932, GHSA-wm86-w3cf-h6vm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yare-57j9-j7cs |
|
| 58 |
| url |
VCID-ymka-jfep-87gt |
| vulnerability_id |
VCID-ymka-jfep-87gt |
| summary |
Missing Authorization
When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6923 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72279 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72326 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72338 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72354 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72331 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72319 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.7228 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72304 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00714 |
| scoring_system |
epss |
| scoring_elements |
0.72285 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6923 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6923 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:S/C:P/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-6923 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.3.0 |
| purl |
pkg:composer/drupal/drupal@8.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 3 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 4 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 5 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 6 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 7 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 8 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 9 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 10 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 11 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 12 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 13 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 14 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 15 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 16 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 17 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 18 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 19 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 20 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 21 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 22 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 23 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 24 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 25 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 26 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 27 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 28 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 29 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 30 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 31 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 32 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 33 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 34 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 35 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 36 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 37 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 38 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 39 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 40 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 41 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 42 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 43 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 44 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 45 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 46 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 47 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 48 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 49 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 50 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.0 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.3.7 |
| purl |
pkg:composer/drupal/drupal@8.3.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 1 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 2 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 3 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 4 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 5 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 8 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 9 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 10 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 11 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 12 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 13 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 14 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 15 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 16 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 17 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 18 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 19 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 20 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 21 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 22 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 23 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 24 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 25 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 26 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 27 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 28 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 29 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 30 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 31 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 32 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 33 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 34 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 35 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 36 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 37 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 38 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 39 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 40 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 41 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 42 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 43 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 44 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 45 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 46 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.7 |
|
|
| aliases |
CVE-2017-6923, GHSA-v3f6-f29f-rgvp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ymka-jfep-87gt |
|
| 59 |
| url |
VCID-yrzt-3m97-53ce |
| vulnerability_id |
VCID-yrzt-3m97-53ce |
| summary |
Unprivileged access to taxonomy terms
Modules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9449 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44037 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44011 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44027 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44045 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.4406 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.43989 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44042 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.43991 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9449 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.2.3 |
| purl |
pkg:composer/drupal/drupal@8.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 18 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 19 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 20 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 21 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 22 |
| vulnerability |
VCID-hpsp-5qtj-v7dq |
|
| 23 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 24 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 25 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 26 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 27 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 28 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 29 |
| vulnerability |
VCID-m1ur-bb9m-m7d5 |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 41 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 42 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 43 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 44 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 45 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 46 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 47 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 48 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 49 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 50 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 51 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 52 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 53 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 54 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 55 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3 |
|
|
| aliases |
CVE-2016-9449, GHSA-p745-347h-hjfw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzt-3m97-53ce |
|
| 60 |
| url |
VCID-yty5-zn46-r3dj |
| vulnerability_id |
VCID-yty5-zn46-r3dj |
| summary |
Unprivileged access to "Administer comments"
Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7570 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57006 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57143 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57164 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57152 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.5715 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57099 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57123 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.571 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7570 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.10 |
| purl |
pkg:composer/drupal/drupal@8.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 18 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 19 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 20 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 21 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 22 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 23 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 24 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 25 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 26 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 27 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 28 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 29 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 30 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 31 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 32 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 33 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 34 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 35 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 36 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 37 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 38 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 39 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 40 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 41 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 42 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 43 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 44 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 45 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 46 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 47 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 48 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 49 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 50 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 51 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 52 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 53 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 54 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 55 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 56 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 57 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10 |
|
|
| aliases |
CVE-2016-7570, GHSA-6g9h-6v79-w4pc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yty5-zn46-r3dj |
|
| 61 |
| url |
VCID-zawz-vky5-tkgt |
| vulnerability_id |
VCID-zawz-vky5-tkgt |
| summary |
Improper Access Control
PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5385 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.81346 |
| scoring_system |
epss |
| scoring_elements |
0.99162 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.81346 |
| scoring_system |
epss |
| scoring_elements |
0.9917 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.81346 |
| scoring_system |
epss |
| scoring_elements |
0.99168 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.81346 |
| scoring_system |
epss |
| scoring_elements |
0.99169 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.81346 |
| scoring_system |
epss |
| scoring_elements |
0.99163 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.81346 |
| scoring_system |
epss |
| scoring_elements |
0.99165 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5385 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.0 |
| purl |
pkg:composer/drupal/drupal@8.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-4wwt-vt76-dbe1 |
|
| 7 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 8 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 9 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 10 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 11 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 12 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 13 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 14 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 15 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 16 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 17 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 18 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 19 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 20 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 21 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 22 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 23 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 24 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 25 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 26 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 27 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 28 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 29 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 56 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 57 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 58 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
| 59 |
| vulnerability |
VCID-yty5-zn46-r3dj |
|
| 60 |
| vulnerability |
VCID-zvtp-4we3-qygx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0 |
|
| 1 |
| url |
pkg:composer/drupal/drupal@8.1.7 |
| purl |
pkg:composer/drupal/drupal@8.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-4wwt-vt76-dbe1 |
|
| 7 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 8 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 9 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 10 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 11 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 12 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 13 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 14 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 15 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 16 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 17 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 18 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 19 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 20 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 21 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 22 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 23 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 24 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 25 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 26 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 27 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 28 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 29 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 56 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 57 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 58 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
| 59 |
| vulnerability |
VCID-yty5-zn46-r3dj |
|
| 60 |
| vulnerability |
VCID-zvtp-4we3-qygx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.7 |
|
|
| aliases |
CVE-2016-5385, GHSA-m6ch-gg5f-wxx3
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zawz-vky5-tkgt |
|
| 62 |
| url |
VCID-zvtp-4we3-qygx |
| vulnerability_id |
VCID-zvtp-4we3-qygx |
| summary |
Unprivileged access to config export
The `system.temporary` route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7572 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.48545 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.48577 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.48564 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.48591 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.48568 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.4851 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.4857 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.48574 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00252 |
| scoring_system |
epss |
| scoring_elements |
0.4852 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7572 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.10 |
| purl |
pkg:composer/drupal/drupal@8.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 7 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 8 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 9 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 10 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 11 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 12 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 13 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 14 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 15 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 16 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 17 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 18 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 19 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 20 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 21 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 22 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 23 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 24 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 25 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 26 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 27 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 28 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 29 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 30 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 31 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 32 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 33 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 34 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 35 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 36 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 37 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 38 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 39 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 40 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 41 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 42 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 43 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 44 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 45 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 46 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 47 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 48 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 49 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 50 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 51 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 52 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 53 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 54 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 55 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 56 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 57 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10 |
|
|
| aliases |
CVE-2016-7572, GHSA-fmqh-2j2x-vgp3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zvtp-4we3-qygx |
|
| 63 |
| url |
VCID-zxqc-67jp-uba7 |
| vulnerability_id |
VCID-zxqc-67jp-uba7 |
| summary |
Saving user accounts can sometimes grant the user all roles
The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6211 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.7825 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78299 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78304 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78321 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78295 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78289 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78263 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78281 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78242 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-6211 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/drupal/drupal@8.1.0 |
| purl |
pkg:composer/drupal/drupal@8.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1922-fwnz-wkbt |
|
| 1 |
| vulnerability |
VCID-349d-w26k-mqfw |
|
| 2 |
| vulnerability |
VCID-3fka-y25d-m7a3 |
|
| 3 |
| vulnerability |
VCID-3hf4-tvxn-zyh4 |
|
| 4 |
| vulnerability |
VCID-48ut-ykkc-83fx |
|
| 5 |
| vulnerability |
VCID-4aer-46u2-23f6 |
|
| 6 |
| vulnerability |
VCID-4wwt-vt76-dbe1 |
|
| 7 |
| vulnerability |
VCID-565p-mgqe-gkfc |
|
| 8 |
| vulnerability |
VCID-5tqs-qmqn-gug5 |
|
| 9 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 10 |
| vulnerability |
VCID-6ck5-9e5b-w3ay |
|
| 11 |
| vulnerability |
VCID-6m8x-cfzp-tkf4 |
|
| 12 |
| vulnerability |
VCID-8nda-kjr2-ufd4 |
|
| 13 |
| vulnerability |
VCID-9f24-vqyt-r7dq |
|
| 14 |
| vulnerability |
VCID-9vdz-1jpq-kue3 |
|
| 15 |
| vulnerability |
VCID-bbzr-hbhv-yyee |
|
| 16 |
| vulnerability |
VCID-c9dm-17vt-4bbc |
|
| 17 |
| vulnerability |
VCID-cucx-jfqf-pkd1 |
|
| 18 |
| vulnerability |
VCID-d4qd-ut89-gbf4 |
|
| 19 |
| vulnerability |
VCID-dgjq-y5zj-cud1 |
|
| 20 |
| vulnerability |
VCID-fm5k-u7s6-wfhb |
|
| 21 |
| vulnerability |
VCID-g1rp-twzp-63e1 |
|
| 22 |
| vulnerability |
VCID-ga35-289v-vqhr |
|
| 23 |
| vulnerability |
VCID-gzcu-sbks-wyfa |
|
| 24 |
| vulnerability |
VCID-hzr8-ttbu-ebhg |
|
| 25 |
| vulnerability |
VCID-jfq8-xxwa-mkd1 |
|
| 26 |
| vulnerability |
VCID-jnu7-1j9c-dqck |
|
| 27 |
| vulnerability |
VCID-k1gx-nznx-7qd6 |
|
| 28 |
| vulnerability |
VCID-kh51-g4cv-tqaw |
|
| 29 |
| vulnerability |
VCID-krhy-kg1b-rfbk |
|
| 30 |
| vulnerability |
VCID-mapb-hsvc-2khc |
|
| 31 |
| vulnerability |
VCID-n119-gta2-kfg1 |
|
| 32 |
| vulnerability |
VCID-n7un-zgqv-jfef |
|
| 33 |
| vulnerability |
VCID-nc36-atc6-yua6 |
|
| 34 |
| vulnerability |
VCID-nd8n-5dsu-2fbp |
|
| 35 |
| vulnerability |
VCID-pk74-yy1n-8qck |
|
| 36 |
| vulnerability |
VCID-r8pv-9upr-y7gd |
|
| 37 |
| vulnerability |
VCID-rhj7-dy7q-jkhw |
|
| 38 |
| vulnerability |
VCID-rr4q-f5cv-nkah |
|
| 39 |
| vulnerability |
VCID-s9kv-9qfu-gbdq |
|
| 40 |
| vulnerability |
VCID-sktb-khbq-cuaq |
|
| 41 |
| vulnerability |
VCID-t84c-8r34-57b9 |
|
| 42 |
| vulnerability |
VCID-ty3y-k9t2-qyba |
|
| 43 |
| vulnerability |
VCID-u1xx-aazv-bkg5 |
|
| 44 |
| vulnerability |
VCID-u4w3-usvb-jyf6 |
|
| 45 |
| vulnerability |
VCID-uqcw-p8g2-cfd2 |
|
| 46 |
| vulnerability |
VCID-utyg-huhu-2ucq |
|
| 47 |
| vulnerability |
VCID-vevm-4sfk-f7gq |
|
| 48 |
| vulnerability |
VCID-vq5y-hdw3-nucj |
|
| 49 |
| vulnerability |
VCID-vy1y-zkf3-4ue4 |
|
| 50 |
| vulnerability |
VCID-w3q4-838v-97ck |
|
| 51 |
| vulnerability |
VCID-wbuz-qcp3-43aq |
|
| 52 |
| vulnerability |
VCID-wbvy-zrtk-audw |
|
| 53 |
| vulnerability |
VCID-ww44-hb2y-mfd5 |
|
| 54 |
| vulnerability |
VCID-wwvq-399y-rfhc |
|
| 55 |
| vulnerability |
VCID-y74s-ghyc-2bhs |
|
| 56 |
| vulnerability |
VCID-yare-57j9-j7cs |
|
| 57 |
| vulnerability |
VCID-ymka-jfep-87gt |
|
| 58 |
| vulnerability |
VCID-yrzt-3m97-53ce |
|
| 59 |
| vulnerability |
VCID-yty5-zn46-r3dj |
|
| 60 |
| vulnerability |
VCID-zvtp-4we3-qygx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0 |
|
|
| aliases |
CVE-2016-6211, GHSA-frqf-9qr4-6vxf
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zxqc-67jp-uba7 |
|