Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@8.9.0-rc1
Typecomposer
Namespacedrupal
Namecore
Version8.9.0-rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.9
Latest_non_vulnerable_version11.3.7
Affected_by_vulnerabilities
0
url VCID-2c5f-q858-huaw
vulnerability_id VCID-2c5f-q858-huaw
summary 
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54855
published_at 2026-06-05T12:55:00Z
1
value 0.00314
scoring_system epss
scoring_elements 0.5484
published_at 2026-06-08T12:55:00Z
2
value 0.00314
scoring_system epss
scoring_elements 0.54859
published_at 2026-06-07T12:55:00Z
3
value 0.00314
scoring_system epss
scoring_elements 0.54866
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/
url https://www.drupal.org/sa-core-2025-003
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
reference_id CVE-2025-31674
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
4
reference_url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
reference_id GHSA-2qph-q8xw-gv7q
reference_type
scores
url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31674, GHSA-2qph-q8xw-gv7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c5f-q858-huaw
1
url VCID-2fas-m6vh-myhc
vulnerability_id VCID-2fas-m6vh-myhc
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41829
published_at 2026-06-06T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41766
published_at 2026-06-08T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.418
published_at 2026-06-07T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41744
published_at 2026-06-04T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.4182
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
3
reference_url https://www.drupal.org/sa-core-2021-010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-010
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
reference_id CVE-2020-13677
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
6
reference_url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
reference_id GHSA-3xr3-phjp-g6p2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13677, GHSA-3xr3-phjp-g6p2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fas-m6vh-myhc
2
url VCID-2t34-82p3-73c3
vulnerability_id VCID-2t34-82p3-73c3
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52142
published_at 2026-06-06T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.52091
published_at 2026-06-08T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.52122
published_at 2026-06-07T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.52072
published_at 2026-06-04T12:55:00Z
4
value 0.00285
scoring_system epss
scoring_elements 0.52133
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
3
reference_url https://www.drupal.org/sa-core-2021-009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-009
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
reference_id CVE-2020-13676
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
6
reference_url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
reference_id GHSA-qfhg-m6r8-xxpj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13676, GHSA-qfhg-m6r8-xxpj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2t34-82p3-73c3
3
url VCID-3xk4-qwaq-5yaj
vulnerability_id VCID-3xk4-qwaq-5yaj
summary 
Improper Access Control
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.65441
published_at 2026-06-05T12:55:00Z
1
value 0.00479
scoring_system epss
scoring_elements 0.65429
published_at 2026-06-08T12:55:00Z
2
value 0.00479
scoring_system epss
scoring_elements 0.6544
published_at 2026-06-07T12:55:00Z
3
value 0.00479
scoring_system epss
scoring_elements 0.6539
published_at 2026-06-04T12:55:00Z
4
value 0.00479
scoring_system epss
scoring_elements 0.65452
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-013
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/
url https://www.drupal.org/sa-core-2022-013
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
reference_id CVE-2022-25278
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
reference_id CVE-2022-25278.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
5
reference_url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
reference_id GHSA-cfh2-7f6h-3m85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25278, GHSA-cfh2-7f6h-3m85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xk4-qwaq-5yaj
4
url VCID-4p4c-7rdc-37fa
vulnerability_id VCID-4p4c-7rdc-37fa
summary 
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
reference_id
reference_type
scores
0
value 0.86689
scoring_system epss
scoring_elements 0.9944
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/github/advisory-database/pull/4827
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4827
3
reference_url https://www.drupal.org/project/drupal/issues/3457781
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://www.drupal.org/project/drupal/issues/3457781
4
reference_url https://www.drupal.org/project/drupal/releases/10.2.9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.2.9
5
reference_url https://www.drupal.org/project/drupal/releases/10.3.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.3.6
6
reference_url https://www.drupal.org/project/drupal/releases/11.0.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/11.0.5
7
reference_url https://www.exploit-db.com/exploits/52266
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52266
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id CVE-2024-45440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
reference_id CVE-2024-45440
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
10
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained/
reference_id CVE-2024-45440-Explained
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://senscybersecurity.nl/CVE-2024-45440-Explained/
11
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained
reference_id CVE-2024-45440-EXPLAINED
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://senscybersecurity.nl/CVE-2024-45440-Explained
12
reference_url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
reference_id GHSA-mg8j-w93w-xjgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
fixed_packages
0
url pkg:composer/drupal/core@10.2.9
purl pkg:composer/drupal/core@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-jyz4-ymrp-pka7
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-xv4d-ped2-4udz
13
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9
1
url pkg:composer/drupal/core@10.3.0-beta1
purl pkg:composer/drupal/core@10.3.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1
2
url pkg:composer/drupal/core@10.3.6
purl pkg:composer/drupal/core@10.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-kzrs-mrga-nyej
9
vulnerability VCID-p54u-b18k-jyft
10
vulnerability VCID-qwge-qrwn-1faj
11
vulnerability VCID-xv4d-ped2-4udz
12
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6
3
url pkg:composer/drupal/core@11.0.0-alpha1
purl pkg:composer/drupal/core@11.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1
4
url pkg:composer/drupal/core@11.0.5
purl pkg:composer/drupal/core@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b266-wste-eqh6
3
vulnerability VCID-b8fw-ya7y-h7d8
4
vulnerability VCID-deks-ns51-nbdg
5
vulnerability VCID-hay8-hvsq-33bm
6
vulnerability VCID-j7bj-atys-qfg3
7
vulnerability VCID-kzrs-mrga-nyej
8
vulnerability VCID-p54u-b18k-jyft
9
vulnerability VCID-qwge-qrwn-1faj
10
vulnerability VCID-xv4d-ped2-4udz
11
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5
aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4p4c-7rdc-37fa
5
url VCID-54qh-fz2a-cyh6
vulnerability_id VCID-54qh-fz2a-cyh6
summary 
Generation of Error Message Containing Sensitive Information
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

The core REST and contributed GraphQL modules are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5256
reference_id
reference_type
scores
0
value 0.01295
scoring_system epss
scoring_elements 0.80058
published_at 2026-06-05T12:55:00Z
1
value 0.01295
scoring_system epss
scoring_elements 0.80046
published_at 2026-06-08T12:55:00Z
2
value 0.01295
scoring_system epss
scoring_elements 0.80056
published_at 2026-06-07T12:55:00Z
3
value 0.01295
scoring_system epss
scoring_elements 0.80062
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5256
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742
3
reference_url https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc
4
reference_url https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24
5
reference_url https://www.drupal.org/sa-core-2023-006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:22:43Z/
url https://www.drupal.org/sa-core-2023-006
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5256
reference_id CVE-2023-5256
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5256
7
reference_url https://github.com/advisories/GHSA-rjqg-3h9m-fx5x
reference_id GHSA-rjqg-3h9m-fx5x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjqg-3h9m-fx5x
fixed_packages
0
url pkg:composer/drupal/core@9.5.11
purl pkg:composer/drupal/core@9.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-t89y-c9hq-9bhk
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.11
1
url pkg:composer/drupal/core@10.0.11
purl pkg:composer/drupal/core@10.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.11
2
url pkg:composer/drupal/core@10.1.4
purl pkg:composer/drupal/core@10.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-84g5-ckkq-hygm
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-jyz4-ymrp-pka7
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.4
aliases CVE-2023-5256, GHSA-rjqg-3h9m-fx5x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54qh-fz2a-cyh6
6
url VCID-5jy9-mhbb-nuh7
vulnerability_id VCID-5jy9-mhbb-nuh7
summary 
Deserialization of Untrusted Data
Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
reference_id
reference_type
scores
0
value 0.76873
scoring_system epss
scoring_elements 0.98976
published_at 2026-06-08T12:55:00Z
1
value 0.76873
scoring_system epss
scoring_elements 0.98977
published_at 2026-06-07T12:55:00Z
2
value 0.76873
scoring_system epss
scoring_elements 0.98975
published_at 2026-06-04T12:55:00Z
3
value 0.76873
scoring_system epss
scoring_elements 0.98978
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
6
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/33
7
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
20
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-23
21
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4817
22
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id 1904001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
reference_id CVE-2020-28948
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
26
reference_url https://github.com/advisories/GHSA-jh5x-hfhg-78jq
reference_id GHSA-jh5x-hfhg-78jq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh5x-hfhg-78jq
27
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
28
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
29
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
30
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
31
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
32
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-67da-qxh5-aydx
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-a3s2-c4k2-4ufn
10
vulnerability VCID-a7ss-tkb6-gkge
11
vulnerability VCID-ard5-3cjv-1beu
12
vulnerability VCID-b266-wste-eqh6
13
vulnerability VCID-b8fw-ya7y-h7d8
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-pzp5-2bpz-jfe2
24
vulnerability VCID-qwge-qrwn-1faj
25
vulnerability VCID-rd4g-h1j9-23cb
26
vulnerability VCID-t89y-c9hq-9bhk
27
vulnerability VCID-tpzm-u3qp-akc8
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
1
url pkg:composer/drupal/core@9.0.0-alpha1
purl pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-b266-wste-eqh6
10
vulnerability VCID-b8fw-ya7y-h7d8
11
vulnerability VCID-bge7-rqsx-gfee
12
vulnerability VCID-deks-ns51-nbdg
13
vulnerability VCID-dyhz-g3nv-yuc3
14
vulnerability VCID-egtv-y9w1-skgr
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
3
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jy9-mhbb-nuh7
7
url VCID-6x4v-da7x-uyhh
vulnerability_id VCID-6x4v-da7x-uyhh
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.

This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55638
reference_id
reference_type
scores
0
value 0.09687
scoring_system epss
scoring_elements 0.93073
published_at 2026-06-06T12:55:00Z
1
value 0.09687
scoring_system epss
scoring_elements 0.93067
published_at 2026-06-08T12:55:00Z
2
value 0.09687
scoring_system epss
scoring_elements 0.9307
published_at 2026-06-07T12:55:00Z
3
value 0.09687
scoring_system epss
scoring_elements 0.93075
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55638
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2024-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/
url https://www.drupal.org/sa-core-2024-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55638
reference_id CVE-2024-55638
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55638
4
reference_url https://github.com/advisories/GHSA-gvf2-2f4g-jqf4
reference_id GHSA-gvf2-2f4g-jqf4
reference_type
scores
url https://github.com/advisories/GHSA-gvf2-2f4g-jqf4
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
aliases CVE-2024-55638, GHSA-gvf2-2f4g-jqf4
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6x4v-da7x-uyhh
8
url VCID-7v89-2sss-hfaz
vulnerability_id VCID-7v89-2sss-hfaz
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33948
published_at 2026-06-06T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.3383
published_at 2026-06-04T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.3388
published_at 2026-06-08T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.33914
published_at 2026-06-07T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.33934
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
3
reference_url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
4
reference_url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
5
reference_url https://www.drupal.org/sa-core-2021-007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-007
6
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
reference_id CVE-2020-13674
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
8
reference_url https://github.com/advisories/GHSA-j586-cj67-vg4p
reference_id GHSA-j586-cj67-vg4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j586-cj67-vg4p
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13674, GHSA-j586-cj67-vg4p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v89-2sss-hfaz
9
url VCID-a3s2-c4k2-4ufn
vulnerability_id VCID-a3s2-c4k2-4ufn
summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01492
published_at 2026-06-06T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01486
published_at 2026-06-08T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01495
published_at 2026-06-07T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01484
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-008
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/
url https://www.drupal.org/sa-core-2025-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
reference_id CVE-2025-13083
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
4
reference_url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
reference_id GHSA-mhpg-hpj5-73r2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13083, GHSA-mhpg-hpj5-73r2
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3s2-c4k2-4ufn
10
url VCID-a7ss-tkb6-gkge
vulnerability_id VCID-a7ss-tkb6-gkge
summary 
Improper access control
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
reference_id
reference_type
scores
0
value 0.00579
scoring_system epss
scoring_elements 0.69284
published_at 2026-06-07T12:55:00Z
1
value 0.00579
scoring_system epss
scoring_elements 0.69293
published_at 2026-06-06T12:55:00Z
2
value 0.00579
scoring_system epss
scoring_elements 0.69285
published_at 2026-06-05T12:55:00Z
3
value 0.00579
scoring_system epss
scoring_elements 0.69268
published_at 2026-06-08T12:55:00Z
4
value 0.00579
scoring_system epss
scoring_elements 0.69245
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
3
reference_url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
4
reference_url https://www.drupal.org/sa-core-2022-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/
url https://www.drupal.org/sa-core-2022-012
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
reference_id CVE-2022-25275
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
reference_id CVE-2022-25275.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
7
reference_url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
reference_id GHSA-xh3v-6f9j-wxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ss-tkb6-gkge
11
url VCID-ard5-3cjv-1beu
vulnerability_id VCID-ard5-3cjv-1beu
summary 
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
reference_id
reference_type
scores
0
value 0.00931
scoring_system epss
scoring_elements 0.76504
published_at 2026-06-08T12:55:00Z
1
value 0.00931
scoring_system epss
scoring_elements 0.76518
published_at 2026-06-05T12:55:00Z
2
value 0.00931
scoring_system epss
scoring_elements 0.76524
published_at 2026-06-06T12:55:00Z
3
value 0.00931
scoring_system epss
scoring_elements 0.76489
published_at 2026-06-04T12:55:00Z
4
value 0.00931
scoring_system epss
scoring_elements 0.76514
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
3
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
4
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
5
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
6
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://www.drupal.org/sa-core-2022-006
7
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id 1008236
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
10
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
11
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
12
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
fixed_packages
0
url pkg:composer/drupal/core@9.2.16
purl pkg:composer/drupal/core@9.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16
1
url pkg:composer/drupal/core@9.3.0-alpha1
purl pkg:composer/drupal/core@9.3.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-b266-wste-eqh6
8
vulnerability VCID-b8fw-ya7y-h7d8
9
vulnerability VCID-bge7-rqsx-gfee
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-hay8-hvsq-33bm
13
vulnerability VCID-hkch-a5yn-jyg1
14
vulnerability VCID-j7bj-atys-qfg3
15
vulnerability VCID-kzrs-mrga-nyej
16
vulnerability VCID-p54u-b18k-jyft
17
vulnerability VCID-qwge-qrwn-1faj
18
vulnerability VCID-rd4g-h1j9-23cb
19
vulnerability VCID-t89y-c9hq-9bhk
20
vulnerability VCID-xv4d-ped2-4udz
21
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1
2
url pkg:composer/drupal/core@9.3.9
purl pkg:composer/drupal/core@9.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-g1ew-tnk9-cuh7
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-xv4d-ped2-4udz
24
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9
3
url pkg:composer/drupal/core@10.0.0-alpha1
purl pkg:composer/drupal/core@10.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-t89y-c9hq-9bhk
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ard5-3cjv-1beu
12
url VCID-b266-wste-eqh6
vulnerability_id VCID-b266-wste-eqh6
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
reference_id
reference_type
scores
0
value 0.09982
scoring_system epss
scoring_elements 0.93194
published_at 2026-06-06T12:55:00Z
1
value 0.09982
scoring_system epss
scoring_elements 0.93189
published_at 2026-06-08T12:55:00Z
2
value 0.09982
scoring_system epss
scoring_elements 0.93191
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
3
reference_url https://www.drupal.org/sa-core-2024-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/
url https://www.drupal.org/sa-core-2024-007
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
reference_id CVE-2024-55637
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
5
reference_url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
reference_id GHSA-w6rx-9g2x-mg5g
reference_type
scores
url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55637, GHSA-w6rx-9g2x-mg5g
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b266-wste-eqh6
13
url VCID-b8fw-ya7y-h7d8
vulnerability_id VCID-b8fw-ya7y-h7d8
summary 
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61443
published_at 2026-06-05T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61419
published_at 2026-06-08T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61436
published_at 2026-06-07T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.6145
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/
url https://www.drupal.org/sa-core-2025-001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
reference_id CVE-2025-3057
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
4
reference_url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
reference_id GHSA-39g6-x4x8-5jcm
reference_type
scores
url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-3057, GHSA-39g6-x4x8-5jcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8fw-ya7y-h7d8
14
url VCID-dav9-pgdh-8yey
vulnerability_id VCID-dav9-pgdh-8yey
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
reference_id
reference_type
scores
0
value 0.00797
scoring_system epss
scoring_elements 0.74383
published_at 2026-06-05T12:55:00Z
1
value 0.00797
scoring_system epss
scoring_elements 0.74358
published_at 2026-06-08T12:55:00Z
2
value 0.00797
scoring_system epss
scoring_elements 0.74376
published_at 2026-06-07T12:55:00Z
3
value 0.00797
scoring_system epss
scoring_elements 0.7435
published_at 2026-06-04T12:55:00Z
4
value 0.00797
scoring_system epss
scoring_elements 0.74388
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-008
3
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
reference_id CVE-2020-13675
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
5
reference_url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
reference_id GHSA-v8wr-r69p-mmwx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13675, GHSA-v8wr-r69p-mmwx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dav9-pgdh-8yey
15
url VCID-deks-ns51-nbdg
vulnerability_id VCID-deks-ns51-nbdg
summary 
Drupal Core Vulnerable to Forceful Browsing
Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32323
published_at 2026-06-08T12:55:00Z
1
value 0.00133
scoring_system epss
scoring_elements 0.32353
published_at 2026-06-07T12:55:00Z
2
value 0.00173
scoring_system epss
scoring_elements 0.3855
published_at 2026-06-05T12:55:00Z
3
value 0.00173
scoring_system epss
scoring_elements 0.38552
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-002
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/
url https://www.drupal.org/sa-core-2025-002
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
reference_id CVE-2025-31673
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
4
reference_url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
reference_id GHSA-wpp8-fjgf-pwc7
reference_type
scores
url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31673, GHSA-wpp8-fjgf-pwc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-deks-ns51-nbdg
16
url VCID-dyhz-g3nv-yuc3
vulnerability_id VCID-dyhz-g3nv-yuc3
summary 
Lack of domain validation in Druple core
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
reference_id
reference_type
scores
0
value 0.01831
scoring_system epss
scoring_elements 0.83273
published_at 2026-06-08T12:55:00Z
1
value 0.01831
scoring_system epss
scoring_elements 0.83257
published_at 2026-06-04T12:55:00Z
2
value 0.01831
scoring_system epss
scoring_elements 0.83283
published_at 2026-06-05T12:55:00Z
3
value 0.01831
scoring_system epss
scoring_elements 0.83285
published_at 2026-06-06T12:55:00Z
4
value 0.01831
scoring_system epss
scoring_elements 0.8328
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2022-015
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
reference_id CVE-2022-25276
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
4
reference_url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
reference_id GHSA-4wfq-jc9h-vpcx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25276, GHSA-4wfq-jc9h-vpcx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhz-g3nv-yuc3
17
url VCID-egtv-y9w1-skgr
vulnerability_id VCID-egtv-y9w1-skgr
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
reference_id
reference_type
scores
0
value 0.0047
scoring_system epss
scoring_elements 0.64942
published_at 2026-06-08T12:55:00Z
1
value 0.0047
scoring_system epss
scoring_elements 0.64912
published_at 2026-06-04T12:55:00Z
2
value 0.0047
scoring_system epss
scoring_elements 0.64955
published_at 2026-06-05T12:55:00Z
3
value 0.0047
scoring_system epss
scoring_elements 0.64965
published_at 2026-06-06T12:55:00Z
4
value 0.0047
scoring_system epss
scoring_elements 0.64953
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/
url https://www.drupal.org/sa-core-2022-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
4
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/core@9.2.18
purl pkg:composer/drupal/core@9.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.18
1
url pkg:composer/drupal/core@9.3.12
purl pkg:composer/drupal/core@9.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egtv-y9w1-skgr
18
url VCID-hay8-hvsq-33bm
vulnerability_id VCID-hay8-hvsq-33bm
summary 
Drupal Core Cross-Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25208
published_at 2026-06-06T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25223
published_at 2026-06-05T12:55:00Z
2
value 0.00153
scoring_system epss
scoring_elements 0.35669
published_at 2026-06-08T12:55:00Z
3
value 0.00153
scoring_system epss
scoring_elements 0.35711
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
1
reference_url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://www.drupal.org/sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.drupal.org/sa-core-2025-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
5
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
6
reference_url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
reference_id GHSA-m4wj-hhwj-47qp
reference_type
scores
url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
fixed_packages
0
url pkg:composer/drupal/core@10.3.14
purl pkg:composer/drupal/core@10.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14
1
url pkg:composer/drupal/core@10.4.5
purl pkg:composer/drupal/core@10.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5
2
url pkg:composer/drupal/core@11.0.13
purl pkg:composer/drupal/core@11.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13
3
url pkg:composer/drupal/core@11.1.5
purl pkg:composer/drupal/core@11.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5
aliases CVE-2025-31675, GHSA-m4wj-hhwj-47qp
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hay8-hvsq-33bm
19
url VCID-hkch-a5yn-jyg1
vulnerability_id VCID-hkch-a5yn-jyg1
summary Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
reference_id
reference_type
scores
0
value 0.09505
scoring_system epss
scoring_elements 0.92989
published_at 2026-06-04T12:55:00Z
1
value 0.09505
scoring_system epss
scoring_elements 0.9299
published_at 2026-06-08T12:55:00Z
2
value 0.09505
scoring_system epss
scoring_elements 0.92992
published_at 2026-06-07T12:55:00Z
3
value 0.09505
scoring_system epss
scoring_elements 0.92996
published_at 2026-06-06T12:55:00Z
4
value 0.09505
scoring_system epss
scoring_elements 0.93
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
3
reference_url https://github.com/twigphp/Twig
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twigphp/Twig
4
reference_url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
5
reference_url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
6
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
20
reference_url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
21
reference_url https://www.debian.org/security/2022/dsa-5248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.debian.org/security/2022/dsa-5248
22
reference_url https://www.drupal.org/sa-core-2022-016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.drupal.org/sa-core-2022-016
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
reference_id 1020991
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id 2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
26
reference_url https://github.com/advisories/GHSA-52m2-vc4m-jj33
reference_id GHSA-52m2-vc4m-jj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52m2-vc4m-jj33
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
29
reference_url https://usn.ubuntu.com/5947-1/
reference_id USN-5947-1
reference_type
scores
url https://usn.ubuntu.com/5947-1/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
fixed_packages
0
url pkg:composer/drupal/core@9.3.22
purl pkg:composer/drupal/core@9.3.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.22
1
url pkg:composer/drupal/core@9.4.0-alpha1
purl pkg:composer/drupal/core@9.4.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1
2
url pkg:composer/drupal/core@9.4.7
purl pkg:composer/drupal/core@9.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.7
3
url pkg:composer/drupal/core@9.5.0-beta1
purl pkg:composer/drupal/core@9.5.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1
aliases CVE-2022-39261, GHSA-52m2-vc4m-jj33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkch-a5yn-jyg1
20
url VCID-j7bj-atys-qfg3
vulnerability_id VCID-j7bj-atys-qfg3
summary 
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
reference_id
reference_type
scores
0
value 0.01148
scoring_system epss
scoring_elements 0.78827
published_at 2026-06-08T12:55:00Z
1
value 0.01148
scoring_system epss
scoring_elements 0.78838
published_at 2026-06-07T12:55:00Z
2
value 0.01148
scoring_system epss
scoring_elements 0.78847
published_at 2026-06-06T12:55:00Z
3
value 0.01148
scoring_system epss
scoring_elements 0.7884
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
3
reference_url https://www.drupal.org/sa-core-2024-004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/
url https://www.drupal.org/sa-core-2024-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
reference_id CVE-2024-55634
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
5
reference_url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
reference_id GHSA-7cwc-fjqm-8vh8
reference_type
scores
url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7bj-atys-qfg3
21
url VCID-kzrs-mrga-nyej
vulnerability_id VCID-kzrs-mrga-nyej
summary User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13805
published_at 2026-06-08T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13889
published_at 2026-06-07T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13926
published_at 2026-06-06T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13922
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/
url https://www.drupal.org/sa-core-2025-007
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
reference_id CVE-2025-13082
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
4
reference_url https://github.com/advisories/GHSA-h89p-5896-f4q8
reference_id GHSA-h89p-5896-f4q8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h89p-5896-f4q8
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13082, GHSA-h89p-5896-f4q8
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzrs-mrga-nyej
22
url VCID-p54u-b18k-jyft
vulnerability_id VCID-p54u-b18k-jyft
summary Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.26032
published_at 2026-06-08T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26087
published_at 2026-06-07T12:55:00Z
2
value 0.00093
scoring_system epss
scoring_elements 0.26133
published_at 2026-06-06T12:55:00Z
3
value 0.00093
scoring_system epss
scoring_elements 0.26138
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/
url https://www.drupal.org/sa-core-2025-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
reference_id CVE-2025-13080
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
4
reference_url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
reference_id GHSA-83v7-c2cf-p9c2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13080, GHSA-83v7-c2cf-p9c2
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p54u-b18k-jyft
23
url VCID-pzp5-2bpz-jfe2
vulnerability_id VCID-pzp5-2bpz-jfe2
summary 
Drupal core Cross-Site Scripting (XSS) vulnerabilities
The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.

Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml
2
reference_url https://www.drupal.org/sa-core-2021-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-005
3
reference_url https://github.com/advisories/GHSA-vfgc-c76h-mwh4
reference_id GHSA-vfgc-c76h-mwh4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfgc-c76h-mwh4
fixed_packages
0
url pkg:composer/drupal/core@8.9.18
purl pkg:composer/drupal/core@8.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-dav9-pgdh-8yey
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-xv4d-ped2-4udz
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.18
1
url pkg:composer/drupal/core@9.1.12
purl pkg:composer/drupal/core@9.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-qwge-qrwn-1faj
24
vulnerability VCID-rd4g-h1j9-23cb
25
vulnerability VCID-t89y-c9hq-9bhk
26
vulnerability VCID-xv4d-ped2-4udz
27
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.12
2
url pkg:composer/drupal/core@9.2.4
purl pkg:composer/drupal/core@9.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2g67-a42m-qfbh
3
vulnerability VCID-2t34-82p3-73c3
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5nbj-5x5a-93hz
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-bge7-rqsx-gfee
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-ydy1-x277-1fhj
30
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.4
aliases GHSA-vfgc-c76h-mwh4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pzp5-2bpz-jfe2
24
url VCID-qwge-qrwn-1faj
vulnerability_id VCID-qwge-qrwn-1faj
summary 
Drupal Core Cross-Site Scripting (XSS)
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
reference_id
reference_type
scores
0
value 0.02544
scoring_system epss
scoring_elements 0.85752
published_at 2026-06-08T12:55:00Z
1
value 0.02544
scoring_system epss
scoring_elements 0.85768
published_at 2026-06-07T12:55:00Z
2
value 0.02544
scoring_system epss
scoring_elements 0.85771
published_at 2026-06-06T12:55:00Z
3
value 0.02544
scoring_system epss
scoring_elements 0.85769
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
3
reference_url https://www.drupal.org/sa-core-2024-003
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/
url https://www.drupal.org/sa-core-2024-003
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
reference_id CVE-2024-12393
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
5
reference_url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
reference_id GHSA-8mvq-8h2v-j9vf
reference_type
scores
url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-12393, GHSA-8mvq-8h2v-j9vf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwge-qrwn-1faj
25
url VCID-rd4g-h1j9-23cb
vulnerability_id VCID-rd4g-h1j9-23cb
summary 
Unrestricted Upload of File with Dangerous Type
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
reference_id
reference_type
scores
0
value 0.02448
scoring_system epss
scoring_elements 0.85472
published_at 2026-06-04T12:55:00Z
1
value 0.02448
scoring_system epss
scoring_elements 0.85481
published_at 2026-06-08T12:55:00Z
2
value 0.02448
scoring_system epss
scoring_elements 0.85501
published_at 2026-06-06T12:55:00Z
3
value 0.02448
scoring_system epss
scoring_elements 0.85496
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
3
reference_url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
4
reference_url https://www.drupal.org/sa-core-2022-014
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/
url https://www.drupal.org/sa-core-2022-014
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
reference_id CVE-2022-25277
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
reference_id CVE-2022-25277.YAML
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
7
reference_url https://github.com/advisories/GHSA-6955-67hm-vjjq
reference_id GHSA-6955-67hm-vjjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6955-67hm-vjjq
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4g-h1j9-23cb
26
url VCID-t89y-c9hq-9bhk
vulnerability_id VCID-t89y-c9hq-9bhk
summary 
Drupal core Denial of Service vulnerability
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
2
reference_url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
4
reference_url https://www.drupal.org/sa-core-2024-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2024-001
5
reference_url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
reference_id GHSA-6ccv-8fgf-cjpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
fixed_packages
0
url pkg:composer/drupal/core@10.1.8
purl pkg:composer/drupal/core@10.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8
1
url pkg:composer/drupal/core@10.2.2
purl pkg:composer/drupal/core@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2
aliases GHSA-6ccv-8fgf-cjpw, GMS-2024-214
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t89y-c9hq-9bhk
27
url VCID-tpzm-u3qp-akc8
vulnerability_id VCID-tpzm-u3qp-akc8
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68518
published_at 2026-06-06T12:55:00Z
1
value 0.00555
scoring_system epss
scoring_elements 0.68469
published_at 2026-06-04T12:55:00Z
2
value 0.00555
scoring_system epss
scoring_elements 0.6851
published_at 2026-06-05T12:55:00Z
3
value 0.00555
scoring_system epss
scoring_elements 0.68496
published_at 2026-06-08T12:55:00Z
4
value 0.00555
scoring_system epss
scoring_elements 0.68511
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-002
3
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
reference_id CVE-2020-13672
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
7
reference_url https://github.com/advisories/GHSA-3m36-mjwj-352c
reference_id GHSA-3m36-mjwj-352c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m36-mjwj-352c
fixed_packages
0
url pkg:composer/drupal/core@8.9.14
purl pkg:composer/drupal/core@8.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-dav9-pgdh-8yey
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-pzp5-2bpz-jfe2
23
vulnerability VCID-qwge-qrwn-1faj
24
vulnerability VCID-rd4g-h1j9-23cb
25
vulnerability VCID-t89y-c9hq-9bhk
26
vulnerability VCID-xv4d-ped2-4udz
27
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14
1
url pkg:composer/drupal/core@9.0.12
purl pkg:composer/drupal/core@9.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12
2
url pkg:composer/drupal/core@9.1.7
purl pkg:composer/drupal/core@9.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-pzp5-2bpz-jfe2
24
vulnerability VCID-qwge-qrwn-1faj
25
vulnerability VCID-rd4g-h1j9-23cb
26
vulnerability VCID-t89y-c9hq-9bhk
27
vulnerability VCID-xv4d-ped2-4udz
28
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7
aliases CVE-2020-13672, GHSA-3m36-mjwj-352c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpzm-u3qp-akc8
28
url VCID-xv4d-ped2-4udz
vulnerability_id VCID-xv4d-ped2-4udz
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
reference_id
reference_type
scores
0
value 0.11473
scoring_system epss
scoring_elements 0.93753
published_at 2026-06-06T12:55:00Z
1
value 0.11473
scoring_system epss
scoring_elements 0.93751
published_at 2026-06-08T12:55:00Z
2
value 0.11473
scoring_system epss
scoring_elements 0.93752
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
3
reference_url https://www.drupal.org/sa-core-2024-006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/
url https://www.drupal.org/sa-core-2024-006
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
reference_id CVE-2024-55636
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
5
reference_url https://github.com/advisories/GHSA-938f-5r4f-h65v
reference_id GHSA-938f-5r4f-h65v
reference_type
scores
url https://github.com/advisories/GHSA-938f-5r4f-h65v
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55636, GHSA-938f-5r4f-h65v
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv4d-ped2-4udz
29
url VCID-yq4q-hydz-vuga
vulnerability_id VCID-yq4q-hydz-vuga
summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33104
published_at 2026-06-06T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.33035
published_at 2026-06-08T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33067
published_at 2026-06-07T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.33091
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/
url https://www.drupal.org/sa-core-2025-006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
reference_id CVE-2025-13081
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
4
reference_url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
reference_id GHSA-m6vv-vcj8-w8m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13081, GHSA-m6vv-vcj8-w8m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq4q-hydz-vuga
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-rc1