Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/370385?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/370385?format=api", "purl": "pkg:composer/drupal/core@10.0.4", "type": "composer", "namespace": "drupal", "name": "core", "version": "10.0.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.9", "latest_non_vulnerable_version": "11.2.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19224?format=api", "vulnerability_id": "VCID-16ns-uqh5-d3gh", "summary": "Generation of Error Message Containing Sensitive Information\nIn certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79652", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79693", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79709", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79689", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79681", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79666", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.79644", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5256" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742" }, { "reference_url": "https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc" }, { "reference_url": "https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24" }, { "reference_url": "https://www.drupal.org/sa-core-2023-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:22:43Z/" } ], "url": "https://www.drupal.org/sa-core-2023-006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5256", "reference_id": "CVE-2023-5256", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5256" }, { "reference_url": "https://github.com/advisories/GHSA-rjqg-3h9m-fx5x", "reference_id": "GHSA-rjqg-3h9m-fx5x", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjqg-3h9m-fx5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60261?format=api", "purl": "pkg:composer/drupal/core@10.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u2d4-5g3d-zqbt" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/60262?format=api", "purl": "pkg:composer/drupal/core@10.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-727c-e81u-uyf2" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u2d4-5g3d-zqbt" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.4" } ], "aliases": [ "CVE-2023-5256", "GHSA-rjqg-3h9m-fx5x" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16ns-uqh5-d3gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14581?format=api", "vulnerability_id": "VCID-1nf6-3q5b-gqfm", "summary": "Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.\n\nThis issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.\n\nTo help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.\n\nThis issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08785", "scoring_system": "epss", "scoring_elements": "0.92495", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08785", "scoring_system": "epss", "scoring_elements": "0.92522", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08785", "scoring_system": "epss", "scoring_elements": "0.92521", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08785", "scoring_system": "epss", "scoring_elements": "0.92514", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08785", "scoring_system": "epss", "scoring_elements": "0.9251", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08785", "scoring_system": "epss", "scoring_elements": "0.92498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08785", "scoring_system": "epss", "scoring_elements": "0.92486", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636" }, { "reference_url": "https://www.drupal.org/sa-core-2024-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-006" }, { "reference_url": "https://github.com/advisories/GHSA-938f-5r4f-h65v", "reference_id": "GHSA-938f-5r4f-h65v", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-938f-5r4f-h65v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51077?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51083?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51156?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55636", "GHSA-938f-5r4f-h65v" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nf6-3q5b-gqfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14675?format=api", "vulnerability_id": "VCID-2s8m-ujzb-skd1", "summary": "Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.\n\nThis issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.\n\nTo help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.\n\nThis issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07606", "scoring_system": "epss", "scoring_elements": "0.91851", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07606", "scoring_system": "epss", "scoring_elements": "0.9186", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07606", "scoring_system": "epss", "scoring_elements": "0.91856", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07606", "scoring_system": "epss", "scoring_elements": "0.91823", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07606", "scoring_system": "epss", "scoring_elements": "0.91838", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07606", "scoring_system": "epss", "scoring_elements": "0.9183", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637" }, { "reference_url": "https://www.drupal.org/sa-core-2024-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/" } ], "url": "https://www.drupal.org/sa-core-2024-007" }, { "reference_url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g", "reference_id": "GHSA-w6rx-9g2x-mg5g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51077?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51083?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51156?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55637", "GHSA-w6rx-9g2x-mg5g" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2s8m-ujzb-skd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17403?format=api", "vulnerability_id": "VCID-bk92-66re-dkc5", "summary": "Access bypass in Drupal core\nThe file download facility does not sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49064", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49065", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49072", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49069", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49085", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49058", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49037", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2023-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T16:49:01Z/" } ], "url": "https://www.drupal.org/sa-core-2023-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250", "reference_id": "CVE-2023-31250", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250" }, { "reference_url": "https://github.com/advisories/GHSA-8849-cv9f-vccm", "reference_id": "GHSA-8849-cv9f-vccm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8849-cv9f-vccm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57367?format=api", "purl": "pkg:composer/drupal/core@10.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16ns-uqh5-d3gh" }, { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-jctf-yffu-hbag" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u2d4-5g3d-zqbt" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8" } ], "aliases": [ "CVE-2023-31250", "GHSA-8849-cv9f-vccm" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bk92-66re-dkc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25493?format=api", "vulnerability_id": "VCID-ed6y-c9tz-mbds", "summary": "Drupal Core Cross-Site Scripting (XSS) Vulnerability\nImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45968", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45996", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50622", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675" }, { "reference_url": "https://www.drupal.org/sa-core-2025-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.drupal.org/sa-core-2025-004" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675", "reference_id": "cve-2025-31675", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675" }, { "reference_url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp", "reference_id": "GHSA-m4wj-hhwj-47qp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp" }, { "reference_url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004", "reference_id": "link-moderately-critical-cross-site-scripting-sa-core-2025-004", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68717?format=api", "purl": "pkg:composer/drupal/core@10.3.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/68718?format=api", "purl": "pkg:composer/drupal/core@10.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/68719?format=api", "purl": "pkg:composer/drupal/core@11.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/68720?format=api", "purl": "pkg:composer/drupal/core@11.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5" } ], "aliases": [ "CVE-2025-31675", "GHSA-m4wj-hhwj-47qp" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed6y-c9tz-mbds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22363?format=api", "vulnerability_id": "VCID-g33x-1paw-7udm", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29467", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29511", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41909", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41971", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41959", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/" } ], "url": "https://www.drupal.org/sa-core-2025-006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081", "reference_id": "CVE-2025-13081", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081" }, { "reference_url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7", "reference_id": "GHSA-m6vv-vcj8-w8m7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64942?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64943?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/64944?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64945?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13081", "GHSA-m6vv-vcj8-w8m7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g33x-1paw-7udm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22349?format=api", "vulnerability_id": "VCID-hgb1-xrne-e7c8", "summary": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24067", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23969", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24025", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28019", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28086", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28129", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28181", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/" } ], "url": "https://www.drupal.org/sa-core-2025-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080", "reference_id": "CVE-2025-13080", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080" }, { "reference_url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2", "reference_id": "GHSA-83v7-c2cf-p9c2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64942?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64943?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/64944?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64945?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13080", "GHSA-83v7-c2cf-p9c2" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgb1-xrne-e7c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22343?format=api", "vulnerability_id": "VCID-hwnd-nuv7-jqbh", "summary": "User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11666", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1163", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22125", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22297", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/" } ], "url": "https://www.drupal.org/sa-core-2025-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082", "reference_id": "CVE-2025-13082", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082" }, { "reference_url": "https://github.com/advisories/GHSA-h89p-5896-f4q8", "reference_id": "GHSA-h89p-5896-f4q8", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h89p-5896-f4q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64942?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64943?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/64944?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64945?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13082", "GHSA-h89p-5896-f4q8" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwnd-nuv7-jqbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25285?format=api", "vulnerability_id": "VCID-j21d-w3g7-cbcg", "summary": "Drupal Core Vulnerable to Forceful Browsing\nIncorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39249", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39281", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39304", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39223", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39278", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39294", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39306", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39268", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673" }, { "reference_url": "https://www.drupal.org/sa-core-2025-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/" } ], "url": "https://www.drupal.org/sa-core-2025-002" }, { "reference_url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7", "reference_id": "GHSA-wpp8-fjgf-pwc7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68503?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/68504?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/68505?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/68506?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31673", "GHSA-wpp8-fjgf-pwc7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j21d-w3g7-cbcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15106?format=api", "vulnerability_id": "VCID-jctf-yffu-hbag", "summary": "Drupal core Denial of Service vulnerability\nThe Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).\n\nSites that do not use the Comment module are not affected.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff" }, { "reference_url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw", "reference_id": "GHSA-6ccv-8fgf-cjpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52695?format=api", "purl": "pkg:composer/drupal/core@10.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u2d4-5g3d-zqbt" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/52696?format=api", "purl": "pkg:composer/drupal/core@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u2d4-5g3d-zqbt" }, { "vulnerability": "VCID-u4w3-usvb-jyf6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2" } ], "aliases": [ "GHSA-6ccv-8fgf-cjpw", "GMS-2024-214" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jctf-yffu-hbag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25336?format=api", "vulnerability_id": "VCID-kam1-84p4-qych", "summary": "Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability\nImproperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.7477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74785", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74777", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74744", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74815", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00845", "scoring_system": "epss", "scoring_elements": "0.74743", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674" }, { "reference_url": "https://www.drupal.org/sa-core-2025-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/" } ], "url": "https://www.drupal.org/sa-core-2025-003" }, { "reference_url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q", "reference_id": "GHSA-2qph-q8xw-gv7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68503?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/68504?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/68505?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/68506?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31674", "GHSA-2qph-q8xw-gv7q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kam1-84p4-qych" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14775?format=api", "vulnerability_id": "VCID-q4qx-7s1y-q3hc", "summary": "Drupal Core Cross-Site Scripting (XSS)\nDrupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83189", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83129", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83165", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01889", "scoring_system": "epss", "scoring_elements": "0.83173", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393" }, { "reference_url": "https://www.drupal.org/sa-core-2024-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-003" }, { "reference_url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf", "reference_id": "GHSA-8mvq-8h2v-j9vf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51077?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51083?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51156?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-12393", "GHSA-8mvq-8h2v-j9vf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4qx-7s1y-q3hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14569?format=api", "vulnerability_id": "VCID-rdgr-yuu7-xkey", "summary": "Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.\n\nThis issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.\n\nTo help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases. \n\nThis issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89881", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89878", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.89842", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05148", "scoring_system": "epss", "scoring_elements": "0.8989", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638" }, { "reference_url": "https://www.drupal.org/sa-core-2024-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/" } ], "url": "https://www.drupal.org/sa-core-2024-008" }, { "reference_url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4", "reference_id": "GHSA-gvf2-2f4g-jqf4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51077?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51083?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" } ], "aliases": [ "CVE-2024-55638", "GHSA-gvf2-2f4g-jqf4" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdgr-yuu7-xkey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22355?format=api", "vulnerability_id": "VCID-syrg-ckq7-cbd6", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01041", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0469", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04677", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04655", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/" } ], "url": "https://www.drupal.org/sa-core-2025-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083", "reference_id": "CVE-2025-13083", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083" }, { "reference_url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2", "reference_id": "GHSA-mhpg-hpj5-73r2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64942?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64943?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/64944?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64945?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13083", "GHSA-mhpg-hpj5-73r2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syrg-ckq7-cbd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14921?format=api", "vulnerability_id": "VCID-u2d4-5g3d-zqbt", "summary": "Drupal core vulnerable to improper error handling\nUnder certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site.\n\nThe issue is mitigated by the fact that several non-default site configurations must exist simultaneously for this to occur.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81463", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81406", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81429", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81428", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81456", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81461", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.81483", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01558", "scoring_system": "epss", "scoring_elements": "0.8147", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11942" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11942", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11942" }, { "reference_url": "https://www.drupal.org/sa-core-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T15:32:51Z/" } ], "url": "https://www.drupal.org/sa-core-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-52jr-x6h6-xj6g", "reference_id": "GHSA-52jr-x6h6-xj6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52jr-x6h6-xj6g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52345?format=api", "purl": "pkg:composer/drupal/core@10.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.10" } ], "aliases": [ "CVE-2024-11942", "GHSA-52jr-x6h6-xj6g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2d4-5g3d-zqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15838?format=api", "vulnerability_id": "VCID-u4w3-usvb-jyf6", "summary": "Drupal Full Path Disclosure\n`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86443", "scoring_system": "epss", "scoring_elements": "0.99404", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.86443", "scoring_system": "epss", "scoring_elements": "0.99405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99448", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.87227", "scoring_system": "epss", "scoring_elements": "0.99445", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/github/advisory-database/pull/4827", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/4827" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained" }, { "reference_url": "https://www.drupal.org/project/drupal/issues/3457781", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://www.drupal.org/project/drupal/issues/3457781" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.2.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.2.9" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.3.6" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/11.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/11.0.5" }, { "reference_url": "https://www.exploit-db.com/exploits/52266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/52266" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py", "reference_id": "CVE-2024-45440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/", "reference_id": "CVE-2024-45440-Explained", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/" }, { "reference_url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc", "reference_id": "GHSA-mg8j-w93w-xjgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55116?format=api", "purl": "pkg:composer/drupal/core@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-u2d4-5g3d-zqbt" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/703621?format=api", "purl": "pkg:composer/drupal/core@10.3.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55105?format=api", "purl": "pkg:composer/drupal/core@10.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-rdgr-yuu7-xkey" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/703624?format=api", "purl": "pkg:composer/drupal/core@11.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55106?format=api", "purl": "pkg:composer/drupal/core@11.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nf6-3q5b-gqfm" }, { "vulnerability": "VCID-2s8m-ujzb-skd1" }, { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-q4qx-7s1y-q3hc" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vevm-4sfk-f7gq" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5" } ], "aliases": [ "CVE-2024-45440", "GHSA-mg8j-w93w-xjgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4w3-usvb-jyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14839?format=api", "vulnerability_id": "VCID-vevm-4sfk-f7gq", "summary": "Drupal core Access bypass\nDrupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74846", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74856", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74877", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74853", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74806", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74833", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74839", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634" }, { "reference_url": "https://www.drupal.org/sa-core-2024-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/" } ], "url": "https://www.drupal.org/sa-core-2024-004" }, { "reference_url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8", "reference_id": "GHSA-7cwc-fjqm-8vh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51077?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/51083?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51156?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-j21d-w3g7-cbcg" }, { "vulnerability": "VCID-kam1-84p4-qych" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" }, { "vulnerability": "VCID-vrdx-165p-efda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55634", "GHSA-7cwc-fjqm-8vh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vevm-4sfk-f7gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25429?format=api", "vulnerability_id": "VCID-vrdx-165p-efda", "summary": "Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages\nImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61074", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61056", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61022", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6107", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61086", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61107", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61093", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057" }, { "reference_url": "https://www.drupal.org/sa-core-2025-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/" } ], "url": "https://www.drupal.org/sa-core-2025-001" }, { "reference_url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm", "reference_id": "GHSA-39g6-x4x8-5jcm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68503?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/68504?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/68505?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/68506?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ed6y-c9tz-mbds" }, { "vulnerability": "VCID-g33x-1paw-7udm" }, { "vulnerability": "VCID-hgb1-xrne-e7c8" }, { "vulnerability": "VCID-hwnd-nuv7-jqbh" }, { "vulnerability": "VCID-syrg-ckq7-cbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-3057", "GHSA-39g6-x4x8-5jcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrdx-165p-efda" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.4" }