Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/drupal@9.2.6-1
Typealpm
Namespacearchlinux
Namedrupal
Version9.2.6-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.2.9-1
Latest_non_vulnerable_version9.2.9-1
Affected_by_vulnerabilities
0
url VCID-4x92-vapt-n7dz
vulnerability_id VCID-4x92-vapt-n7dz
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at The problem has been recognized and patched.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30422
published_at 2026-04-08T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30321
published_at 2026-04-21T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30364
published_at 2026-04-18T12:55:00Z
3
value 0.00117
scoring_system epss
scoring_elements 0.30478
published_at 2026-04-01T12:55:00Z
4
value 0.00117
scoring_system epss
scoring_elements 0.30384
published_at 2026-04-16T12:55:00Z
5
value 0.00117
scoring_system epss
scoring_elements 0.30366
published_at 2026-04-13T12:55:00Z
6
value 0.00117
scoring_system epss
scoring_elements 0.30415
published_at 2026-04-12T12:55:00Z
7
value 0.00117
scoring_system epss
scoring_elements 0.30459
published_at 2026-04-11T12:55:00Z
8
value 0.00117
scoring_system epss
scoring_elements 0.30506
published_at 2026-04-02T12:55:00Z
9
value 0.00117
scoring_system epss
scoring_elements 0.30552
published_at 2026-04-04T12:55:00Z
10
value 0.00117
scoring_system epss
scoring_elements 0.30362
published_at 2026-04-07T12:55:00Z
11
value 0.00117
scoring_system epss
scoring_elements 0.30456
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
10
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
reference_id CVE-2021-41165
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
12
reference_url https://github.com/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h26-63m7-qhf2
13
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
fixed_packages
0
url pkg:alpm/archlinux/drupal@9.2.9-1
purl pkg:alpm/archlinux/drupal@9.2.9-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.9-1
aliases CVE-2021-41165, GHSA-7h26-63m7-qhf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x92-vapt-n7dz
1
url VCID-8hvk-a5es-v3e4
vulnerability_id VCID-8hvk-a5es-v3e4
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22783
published_at 2026-04-01T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.22811
published_at 2026-04-21T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22851
published_at 2026-04-18T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22857
published_at 2026-04-16T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22843
published_at 2026-04-13T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.229
published_at 2026-04-12T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.22936
published_at 2026-04-11T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22916
published_at 2026-04-09T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22863
published_at 2026-04-08T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22789
published_at 2026-04-07T12:55:00Z
10
value 0.00076
scoring_system epss
scoring_elements 0.22997
published_at 2026-04-04T12:55:00Z
11
value 0.00076
scoring_system epss
scoring_elements 0.22953
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
8
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
9
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
13
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
reference_id CVE-2021-41164
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
15
reference_url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
fixed_packages
0
url pkg:alpm/archlinux/drupal@9.2.9-1
purl pkg:alpm/archlinux/drupal@9.2.9-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.9-1
aliases CVE-2021-41164, GHSA-pvmx-g8h5-cprj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hvk-a5es-v3e4
Fixing_vulnerabilities
0
url VCID-77zc-1gc8-r7b7
vulnerability_id VCID-77zc-1gc8-r7b7
summary 
Unrestricted Upload of File with Dangerous Type
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
reference_id
reference_type
scores
0
value 0.00797
scoring_system epss
scoring_elements 0.74036
published_at 2026-04-21T12:55:00Z
1
value 0.00797
scoring_system epss
scoring_elements 0.73951
published_at 2026-04-07T12:55:00Z
2
value 0.00797
scoring_system epss
scoring_elements 0.73986
published_at 2026-04-08T12:55:00Z
3
value 0.00797
scoring_system epss
scoring_elements 0.73999
published_at 2026-04-09T12:55:00Z
4
value 0.00797
scoring_system epss
scoring_elements 0.74021
published_at 2026-04-11T12:55:00Z
5
value 0.00797
scoring_system epss
scoring_elements 0.74003
published_at 2026-04-12T12:55:00Z
6
value 0.00797
scoring_system epss
scoring_elements 0.73996
published_at 2026-04-13T12:55:00Z
7
value 0.00797
scoring_system epss
scoring_elements 0.74035
published_at 2026-04-16T12:55:00Z
8
value 0.00797
scoring_system epss
scoring_elements 0.74044
published_at 2026-04-18T12:55:00Z
9
value 0.00797
scoring_system epss
scoring_elements 0.73948
published_at 2026-04-01T12:55:00Z
10
value 0.00797
scoring_system epss
scoring_elements 0.73955
published_at 2026-04-02T12:55:00Z
11
value 0.00797
scoring_system epss
scoring_elements 0.73981
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-008
3
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
reference_id CVE-2020-13675
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
5
reference_url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
reference_id GHSA-v8wr-r69p-mmwx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
fixed_packages
0
url pkg:alpm/archlinux/drupal@9.2.6-1
purl pkg:alpm/archlinux/drupal@9.2.6-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x92-vapt-n7dz
1
vulnerability VCID-8hvk-a5es-v3e4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1
aliases CVE-2020-13675, GHSA-v8wr-r69p-mmwx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77zc-1gc8-r7b7
1
url VCID-bkxp-gn34-67av
vulnerability_id VCID-bkxp-gn34-67av
summary 
Cross-Site Request Forgery (CSRF)
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.34195
published_at 2026-04-21T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33968
published_at 2026-04-01T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34307
published_at 2026-04-02T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.34336
published_at 2026-04-04T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.342
published_at 2026-04-07T12:55:00Z
5
value 0.0014
scoring_system epss
scoring_elements 0.34243
published_at 2026-04-08T12:55:00Z
6
value 0.0014
scoring_system epss
scoring_elements 0.34272
published_at 2026-04-09T12:55:00Z
7
value 0.0014
scoring_system epss
scoring_elements 0.34273
published_at 2026-04-11T12:55:00Z
8
value 0.0014
scoring_system epss
scoring_elements 0.34231
published_at 2026-04-12T12:55:00Z
9
value 0.0014
scoring_system epss
scoring_elements 0.34208
published_at 2026-04-13T12:55:00Z
10
value 0.0014
scoring_system epss
scoring_elements 0.34242
published_at 2026-04-16T12:55:00Z
11
value 0.0014
scoring_system epss
scoring_elements 0.34229
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
3
reference_url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
4
reference_url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
5
reference_url https://www.drupal.org/sa-core-2021-007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-007
6
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
reference_id CVE-2020-13674
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
8
reference_url https://github.com/advisories/GHSA-j586-cj67-vg4p
reference_id GHSA-j586-cj67-vg4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j586-cj67-vg4p
fixed_packages
0
url pkg:alpm/archlinux/drupal@9.2.6-1
purl pkg:alpm/archlinux/drupal@9.2.6-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x92-vapt-n7dz
1
vulnerability VCID-8hvk-a5es-v3e4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1
aliases CVE-2020-13674, GHSA-j586-cj67-vg4p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkxp-gn34-67av
2
url VCID-fwbj-ctxz-2bc6
vulnerability_id VCID-fwbj-ctxz-2bc6
summary 
Incorrect Authorization
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.51884
published_at 2026-04-21T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.51797
published_at 2026-04-02T12:55:00Z
2
value 0.00285
scoring_system epss
scoring_elements 0.51823
published_at 2026-04-04T12:55:00Z
3
value 0.00285
scoring_system epss
scoring_elements 0.51784
published_at 2026-04-07T12:55:00Z
4
value 0.00285
scoring_system epss
scoring_elements 0.51839
published_at 2026-04-08T12:55:00Z
5
value 0.00285
scoring_system epss
scoring_elements 0.51837
published_at 2026-04-09T12:55:00Z
6
value 0.00285
scoring_system epss
scoring_elements 0.51888
published_at 2026-04-11T12:55:00Z
7
value 0.00285
scoring_system epss
scoring_elements 0.5187
published_at 2026-04-12T12:55:00Z
8
value 0.00285
scoring_system epss
scoring_elements 0.51854
published_at 2026-04-13T12:55:00Z
9
value 0.00285
scoring_system epss
scoring_elements 0.51897
published_at 2026-04-16T12:55:00Z
10
value 0.00285
scoring_system epss
scoring_elements 0.51903
published_at 2026-04-18T12:55:00Z
11
value 0.00285
scoring_system epss
scoring_elements 0.51748
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
3
reference_url https://www.drupal.org/sa-core-2021-009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-009
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
reference_id CVE-2020-13676
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
6
reference_url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
reference_id GHSA-qfhg-m6r8-xxpj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
fixed_packages
0
url pkg:alpm/archlinux/drupal@9.2.6-1
purl pkg:alpm/archlinux/drupal@9.2.6-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x92-vapt-n7dz
1
vulnerability VCID-8hvk-a5es-v3e4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1
aliases CVE-2020-13676, GHSA-qfhg-m6r8-xxpj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwbj-ctxz-2bc6
3
url VCID-rbbv-82ff-mbcj
vulnerability_id VCID-rbbv-82ff-mbcj
summary The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13673
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.3533
published_at 2026-04-21T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35231
published_at 2026-04-01T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.35432
published_at 2026-04-02T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.35457
published_at 2026-04-04T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.35341
published_at 2026-04-07T12:55:00Z
5
value 0.00148
scoring_system epss
scoring_elements 0.35387
published_at 2026-04-08T12:55:00Z
6
value 0.00148
scoring_system epss
scoring_elements 0.35412
published_at 2026-04-09T12:55:00Z
7
value 0.00148
scoring_system epss
scoring_elements 0.35413
published_at 2026-04-11T12:55:00Z
8
value 0.00148
scoring_system epss
scoring_elements 0.35377
published_at 2026-04-12T12:55:00Z
9
value 0.00148
scoring_system epss
scoring_elements 0.35355
published_at 2026-04-13T12:55:00Z
10
value 0.00148
scoring_system epss
scoring_elements 0.35394
published_at 2026-04-16T12:55:00Z
11
value 0.00148
scoring_system epss
scoring_elements 0.35382
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13673
1
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
fixed_packages
0
url pkg:alpm/archlinux/drupal@9.2.6-1
purl pkg:alpm/archlinux/drupal@9.2.6-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x92-vapt-n7dz
1
vulnerability VCID-8hvk-a5es-v3e4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1
aliases CVE-2020-13673
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbbv-82ff-mbcj
4
url VCID-w6cz-mg4v-3udj
vulnerability_id VCID-w6cz-mg4v-3udj
summary 
Drupal core access bypass vulnerability
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.4184
published_at 2026-04-21T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41898
published_at 2026-04-02T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41926
published_at 2026-04-04T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41853
published_at 2026-04-07T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41903
published_at 2026-04-08T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41913
published_at 2026-04-09T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41937
published_at 2026-04-11T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41902
published_at 2026-04-12T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41888
published_at 2026-04-13T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.41938
published_at 2026-04-16T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.41912
published_at 2026-04-18T12:55:00Z
11
value 0.00198
scoring_system epss
scoring_elements 0.41832
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
3
reference_url https://www.drupal.org/sa-core-2021-010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-010
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
reference_id CVE-2020-13677
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
6
reference_url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
reference_id GHSA-3xr3-phjp-g6p2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
fixed_packages
0
url pkg:alpm/archlinux/drupal@9.2.6-1
purl pkg:alpm/archlinux/drupal@9.2.6-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x92-vapt-n7dz
1
vulnerability VCID-8hvk-a5es-v3e4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1
aliases CVE-2020-13677, GHSA-3xr3-phjp-g6p2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6cz-mg4v-3udj
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1