Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/28897?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/28897?format=api", "purl": "pkg:composer/drupal/core@10.2.2", "type": "composer", "namespace": "drupal", "name": "core", "version": "10.2.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.9", "latest_non_vulnerable_version": "11.3.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/123441?format=api", "vulnerability_id": "VCID-1d2m-3ycf-3ycf", "summary": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26077", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26289", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26277", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080", "reference_id": "CVE-2025-13080", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080" }, { "reference_url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2", "reference_id": "GHSA-83v7-c2cf-p9c2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2" }, { "reference_url": "https://www.drupal.org/sa-core-2025-005", "reference_id": "sa-core-2025-005", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/" } ], "url": "https://www.drupal.org/sa-core-2025-005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13080", "GHSA-83v7-c2cf-p9c2" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1d2m-3ycf-3ycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59461?format=api", "vulnerability_id": "VCID-1w42-v1sq-fkac", "summary": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09982", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.09982", "scoring_system": "epss", "scoring_elements": "0.93235", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.09982", "scoring_system": "epss", "scoring_elements": "0.93211", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637" }, { "reference_url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g", "reference_id": "GHSA-w6rx-9g2x-mg5g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g" }, { "reference_url": "https://www.drupal.org/sa-core-2024-007", "reference_id": "sa-core-2024-007", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/" } ], "url": "https://www.drupal.org/sa-core-2024-007" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55637", "GHSA-w6rx-9g2x-mg5g" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w42-v1sq-fkac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59387?format=api", "vulnerability_id": "VCID-227y-mp79-jydd", "summary": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11473", "scoring_system": "epss", "scoring_elements": "0.93793", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.11473", "scoring_system": "epss", "scoring_elements": "0.93797", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.11473", "scoring_system": "epss", "scoring_elements": "0.93772", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636" }, { "reference_url": "https://github.com/advisories/GHSA-938f-5r4f-h65v", "reference_id": "GHSA-938f-5r4f-h65v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-938f-5r4f-h65v" }, { "reference_url": "https://www.drupal.org/sa-core-2024-006", "reference_id": "sa-core-2024-006", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55636", "GHSA-938f-5r4f-h65v" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-227y-mp79-jydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59568?format=api", "vulnerability_id": "VCID-26ck-rher-hfg4", "summary": "A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78971", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78888", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78954", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634" }, { "reference_url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8", "reference_id": "GHSA-7cwc-fjqm-8vh8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8" }, { "reference_url": "https://www.drupal.org/sa-core-2024-004", "reference_id": "sa-core-2024-004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/" } ], "url": "https://www.drupal.org/sa-core-2024-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55634", "GHSA-7cwc-fjqm-8vh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26ck-rher-hfg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/103986?format=api", "vulnerability_id": "VCID-4sqe-bvj6-pkdq", "summary": "Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32568", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32589", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32387", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673" }, { "reference_url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7", "reference_id": "GHSA-wpp8-fjgf-pwc7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7" }, { "reference_url": "https://www.drupal.org/sa-core-2025-002", "reference_id": "sa-core-2025-002", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/" } ], "url": "https://www.drupal.org/sa-core-2025-002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376293?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376294?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/376295?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/376296?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31673", "GHSA-wpp8-fjgf-pwc7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sqe-bvj6-pkdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40418?format=api", "vulnerability_id": "VCID-7sar-42a4-kqdy", "summary": "core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99442", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99445", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99444", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440" }, { "reference_url": "https://github.com/github/advisory-database/pull/4827", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/4827" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.2.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.2.9" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.3.6" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/11.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/11.0.5" }, { "reference_url": "https://www.exploit-db.com/exploits/52266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/52266" }, { "reference_url": "https://www.drupal.org/project/drupal/issues/3457781", "reference_id": "3457781", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://www.drupal.org/project/drupal/issues/3457781" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py", "reference_id": "CVE-2024-45440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440", "reference_id": "CVE-2024-45440", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/", "reference_id": "CVE-2024-45440-Explained", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained", "reference_id": "CVE-2024-45440-EXPLAINED", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained" }, { "reference_url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc", "reference_id": "GHSA-mg8j-w93w-xjgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33159?format=api", "purl": "pkg:composer/drupal/core@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/736598?format=api", "purl": "pkg:composer/drupal/core@10.3.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33158?format=api", "purl": "pkg:composer/drupal/core@10.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/736601?format=api", "purl": "pkg:composer/drupal/core@11.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33156?format=api", "purl": "pkg:composer/drupal/core@11.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5" } ], "aliases": [ "CVE-2024-45440", "GHSA-mg8j-w93w-xjgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7sar-42a4-kqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/122945?format=api", "vulnerability_id": "VCID-94he-hr4a-yygs", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01492", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01497", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0149", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083", "reference_id": "CVE-2025-13083", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083" }, { "reference_url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2", "reference_id": "GHSA-mhpg-hpj5-73r2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2" }, { "reference_url": "https://www.drupal.org/sa-core-2025-008", "reference_id": "sa-core-2025-008", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/" } ], "url": "https://www.drupal.org/sa-core-2025-008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13083", "GHSA-mhpg-hpj5-73r2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94he-hr4a-yygs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/103925?format=api", "vulnerability_id": "VCID-aqce-af3u-myd2", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.55071", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54934", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.55056", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674" }, { "reference_url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q", "reference_id": "GHSA-2qph-q8xw-gv7q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q" }, { "reference_url": "https://www.drupal.org/sa-core-2025-003", "reference_id": "sa-core-2025-003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/" } ], "url": "https://www.drupal.org/sa-core-2025-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376293?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376294?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/376295?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/376296?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31674", "GHSA-2qph-q8xw-gv7q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqce-af3u-myd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/123307?format=api", "vulnerability_id": "VCID-e5uh-sqmj-qyg7", "summary": "User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13916", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1403", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14033", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082", "reference_id": "CVE-2025-13082", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082" }, { "reference_url": "https://github.com/advisories/GHSA-h89p-5896-f4q8", "reference_id": "GHSA-h89p-5896-f4q8", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h89p-5896-f4q8" }, { "reference_url": "https://www.drupal.org/sa-core-2025-007", "reference_id": "sa-core-2025-007", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/" } ], "url": "https://www.drupal.org/sa-core-2025-007" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13082", "GHSA-h89p-5896-f4q8" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5uh-sqmj-qyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36951?format=api", "vulnerability_id": "VCID-ggb3-jgrj-hken", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85854", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85794", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85844", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393" }, { "reference_url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf", "reference_id": "GHSA-8mvq-8h2v-j9vf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf" }, { "reference_url": "https://www.drupal.org/sa-core-2024-003", "reference_id": "sa-core-2024-003", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-12393", "GHSA-8mvq-8h2v-j9vf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggb3-jgrj-hken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/122738?format=api", "vulnerability_id": "VCID-nx17-duan-vyak", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33277", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33297", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33095", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081", "reference_id": "CVE-2025-13081", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081" }, { "reference_url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7", "reference_id": "GHSA-m6vv-vcj8-w8m7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7" }, { "reference_url": "https://www.drupal.org/sa-core-2025-006", "reference_id": "sa-core-2025-006", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/" } ], "url": "https://www.drupal.org/sa-core-2025-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13081", "GHSA-m6vv-vcj8-w8m7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx17-duan-vyak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60239?format=api", "vulnerability_id": "VCID-rdfc-4t9e-bqed", "summary": "A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81946", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81875", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81936", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11942" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11942", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11942" }, { "reference_url": "https://github.com/advisories/GHSA-52jr-x6h6-xj6g", "reference_id": "GHSA-52jr-x6h6-xj6g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-52jr-x6h6-xj6g" }, { "reference_url": "https://www.drupal.org/sa-core-2024-002", "reference_id": "sa-core-2024-002", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:32:51Z/" } ], "url": "https://www.drupal.org/sa-core-2024-002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372507?format=api", "purl": "pkg:composer/drupal/core@10.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.10" } ], "aliases": [ "CVE-2024-11942", "GHSA-52jr-x6h6-xj6g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdfc-4t9e-bqed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127275?format=api", "vulnerability_id": "VCID-rf34-12k7-xbh4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61608", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61617", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61505", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057" }, { "reference_url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm", "reference_id": "GHSA-39g6-x4x8-5jcm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm" }, { "reference_url": "https://www.drupal.org/sa-core-2025-001", "reference_id": "sa-core-2025-001", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/" } ], "url": "https://www.drupal.org/sa-core-2025-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376293?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376294?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/376295?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/376296?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-3057", "GHSA-39g6-x4x8-5jcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf34-12k7-xbh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104187?format=api", "vulnerability_id": "VCID-tdsq-5bqr-aufq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.339", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34101", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34076", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675", "reference_id": "cve-2025-31675", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675" }, { "reference_url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp", "reference_id": "GHSA-m4wj-hhwj-47qp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp" }, { "reference_url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004", "reference_id": "link-moderately-critical-cross-site-scripting-sa-core-2025-004", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004" }, { "reference_url": "https://www.drupal.org/sa-core-2025-004", "reference_id": "sa-core-2025-004", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.drupal.org/sa-core-2025-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376507?format=api", "purl": "pkg:composer/drupal/core@10.3.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/376508?format=api", "purl": "pkg:composer/drupal/core@10.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/376509?format=api", "purl": "pkg:composer/drupal/core@11.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376510?format=api", "purl": "pkg:composer/drupal/core@11.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5" } ], "aliases": [ "CVE-2025-31675", "GHSA-m4wj-hhwj-47qp" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdsq-5bqr-aufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59644?format=api", "vulnerability_id": "VCID-xrzg-mcnq-vqdb", "summary": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09932", "scoring_system": "epss", "scoring_elements": "0.93214", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.09932", "scoring_system": "epss", "scoring_elements": "0.93215", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.09932", "scoring_system": "epss", "scoring_elements": "0.93191", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638" }, { "reference_url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4", "reference_id": "GHSA-gvf2-2f4g-jqf4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4" }, { "reference_url": "https://www.drupal.org/sa-core-2024-008", "reference_id": "sa-core-2024-008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/" } ], "url": "https://www.drupal.org/sa-core-2024-008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" } ], "aliases": [ "CVE-2024-55638", "GHSA-gvf2-2f4g-jqf4" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrzg-mcnq-vqdb" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60270?format=api", "vulnerability_id": "VCID-69xw-x4r1-vqcg", "summary": "A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.72401", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.72306", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.72388", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11941" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11941", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11941" }, { "reference_url": "https://github.com/advisories/GHSA-xq54-x54m-vcpx", "reference_id": "GHSA-xq54-x54m-vcpx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xq54-x54m-vcpx" }, { "reference_url": "https://www.drupal.org/sa-core-2024-001", "reference_id": "sa-core-2024-001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:42:55Z/" } ], "url": "https://www.drupal.org/sa-core-2024-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28895?format=api", "purl": "pkg:composer/drupal/core@10.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/28897?format=api", "purl": "pkg:composer/drupal/core@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2" } ], "aliases": [ "CVE-2024-11941", "GHSA-xq54-x54m-vcpx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69xw-x4r1-vqcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211699?format=api", "vulnerability_id": "VCID-vpn8-qteh-9yhz", "summary": "Drupal core Denial of Service vulnerability", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff" }, { "reference_url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw", "reference_id": "GHSA-6ccv-8fgf-cjpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28895?format=api", "purl": "pkg:composer/drupal/core@10.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/28897?format=api", "purl": "pkg:composer/drupal/core@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2" } ], "aliases": [ "GHSA-6ccv-8fgf-cjpw", "GMS-2024-214" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpn8-qteh-9yhz" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2" }