Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@9.4.0-alpha1
Typecomposer
Namespacedrupal
Namecore
Version9.4.0-alpha1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.9
Latest_non_vulnerable_version11.3.7
Affected_by_vulnerabilities
0
url VCID-2c5f-q858-huaw
vulnerability_id VCID-2c5f-q858-huaw
summary 
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54866
published_at 2026-06-06T12:55:00Z
1
value 0.00314
scoring_system epss
scoring_elements 0.54855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/
url https://www.drupal.org/sa-core-2025-003
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
reference_id CVE-2025-31674
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
4
reference_url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
reference_id GHSA-2qph-q8xw-gv7q
reference_type
scores
url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31674, GHSA-2qph-q8xw-gv7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c5f-q858-huaw
1
url VCID-4p4c-7rdc-37fa
vulnerability_id VCID-4p4c-7rdc-37fa
summary 
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
reference_id
reference_type
scores
0
value 0.86689
scoring_system epss
scoring_elements 0.9944
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/github/advisory-database/pull/4827
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4827
3
reference_url https://www.drupal.org/project/drupal/issues/3457781
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://www.drupal.org/project/drupal/issues/3457781
4
reference_url https://www.drupal.org/project/drupal/releases/10.2.9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.2.9
5
reference_url https://www.drupal.org/project/drupal/releases/10.3.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.3.6
6
reference_url https://www.drupal.org/project/drupal/releases/11.0.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/11.0.5
7
reference_url https://www.exploit-db.com/exploits/52266
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52266
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id CVE-2024-45440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
reference_id CVE-2024-45440
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
10
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained/
reference_id CVE-2024-45440-Explained
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://senscybersecurity.nl/CVE-2024-45440-Explained/
11
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained
reference_id CVE-2024-45440-EXPLAINED
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://senscybersecurity.nl/CVE-2024-45440-Explained
12
reference_url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
reference_id GHSA-mg8j-w93w-xjgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
fixed_packages
0
url pkg:composer/drupal/core@10.2.9
purl pkg:composer/drupal/core@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-jyz4-ymrp-pka7
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-xv4d-ped2-4udz
13
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9
1
url pkg:composer/drupal/core@10.3.0-beta1
purl pkg:composer/drupal/core@10.3.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1
2
url pkg:composer/drupal/core@10.3.6
purl pkg:composer/drupal/core@10.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-kzrs-mrga-nyej
9
vulnerability VCID-p54u-b18k-jyft
10
vulnerability VCID-qwge-qrwn-1faj
11
vulnerability VCID-xv4d-ped2-4udz
12
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6
3
url pkg:composer/drupal/core@11.0.0-alpha1
purl pkg:composer/drupal/core@11.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1
4
url pkg:composer/drupal/core@11.0.5
purl pkg:composer/drupal/core@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b266-wste-eqh6
3
vulnerability VCID-b8fw-ya7y-h7d8
4
vulnerability VCID-deks-ns51-nbdg
5
vulnerability VCID-hay8-hvsq-33bm
6
vulnerability VCID-j7bj-atys-qfg3
7
vulnerability VCID-kzrs-mrga-nyej
8
vulnerability VCID-p54u-b18k-jyft
9
vulnerability VCID-qwge-qrwn-1faj
10
vulnerability VCID-xv4d-ped2-4udz
11
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5
aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4p4c-7rdc-37fa
2
url VCID-54qh-fz2a-cyh6
vulnerability_id VCID-54qh-fz2a-cyh6
summary 
Generation of Error Message Containing Sensitive Information
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

The core REST and contributed GraphQL modules are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5256
reference_id
reference_type
scores
0
value 0.01295
scoring_system epss
scoring_elements 0.80058
published_at 2026-06-05T12:55:00Z
1
value 0.01295
scoring_system epss
scoring_elements 0.80062
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5256
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742
3
reference_url https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc
4
reference_url https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24
5
reference_url https://www.drupal.org/sa-core-2023-006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:22:43Z/
url https://www.drupal.org/sa-core-2023-006
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5256
reference_id CVE-2023-5256
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5256
7
reference_url https://github.com/advisories/GHSA-rjqg-3h9m-fx5x
reference_id GHSA-rjqg-3h9m-fx5x
reference_type
scores
url https://github.com/advisories/GHSA-rjqg-3h9m-fx5x
fixed_packages
0
url pkg:composer/drupal/core@9.5.11
purl pkg:composer/drupal/core@9.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-t89y-c9hq-9bhk
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.11
1
url pkg:composer/drupal/core@10.0.11
purl pkg:composer/drupal/core@10.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.11
2
url pkg:composer/drupal/core@10.1.4
purl pkg:composer/drupal/core@10.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-84g5-ckkq-hygm
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-jyz4-ymrp-pka7
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.4
aliases CVE-2023-5256, GHSA-rjqg-3h9m-fx5x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54qh-fz2a-cyh6
3
url VCID-6x4v-da7x-uyhh
vulnerability_id VCID-6x4v-da7x-uyhh
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.

This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55638
reference_id
reference_type
scores
0
value 0.09687
scoring_system epss
scoring_elements 0.93073
published_at 2026-06-06T12:55:00Z
1
value 0.09687
scoring_system epss
scoring_elements 0.93075
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55638
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2024-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/
url https://www.drupal.org/sa-core-2024-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55638
reference_id CVE-2024-55638
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55638
4
reference_url https://github.com/advisories/GHSA-gvf2-2f4g-jqf4
reference_id GHSA-gvf2-2f4g-jqf4
reference_type
scores
url https://github.com/advisories/GHSA-gvf2-2f4g-jqf4
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
aliases CVE-2024-55638, GHSA-gvf2-2f4g-jqf4
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6x4v-da7x-uyhh
4
url VCID-a3s2-c4k2-4ufn
vulnerability_id VCID-a3s2-c4k2-4ufn
summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01492
published_at 2026-06-06T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01484
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-008
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/
url https://www.drupal.org/sa-core-2025-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
reference_id CVE-2025-13083
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
4
reference_url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
reference_id GHSA-mhpg-hpj5-73r2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13083, GHSA-mhpg-hpj5-73r2
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3s2-c4k2-4ufn
5
url VCID-b266-wste-eqh6
vulnerability_id VCID-b266-wste-eqh6
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
reference_id
reference_type
scores
0
value 0.09982
scoring_system epss
scoring_elements 0.93194
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
3
reference_url https://www.drupal.org/sa-core-2024-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/
url https://www.drupal.org/sa-core-2024-007
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
reference_id CVE-2024-55637
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
5
reference_url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
reference_id GHSA-w6rx-9g2x-mg5g
reference_type
scores
url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55637, GHSA-w6rx-9g2x-mg5g
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b266-wste-eqh6
6
url VCID-b8fw-ya7y-h7d8
vulnerability_id VCID-b8fw-ya7y-h7d8
summary 
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.6145
published_at 2026-06-06T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61443
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/
url https://www.drupal.org/sa-core-2025-001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
reference_id CVE-2025-3057
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
4
reference_url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
reference_id GHSA-39g6-x4x8-5jcm
reference_type
scores
url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-3057, GHSA-39g6-x4x8-5jcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8fw-ya7y-h7d8
7
url VCID-bge7-rqsx-gfee
vulnerability_id VCID-bge7-rqsx-gfee
summary 
Access bypass in Drupal core
The file download facility does not sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31250
reference_id
reference_type
scores
0
value 0.00361
scoring_system epss
scoring_elements 0.58579
published_at 2026-06-05T12:55:00Z
1
value 0.00361
scoring_system epss
scoring_elements 0.58588
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31250
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2023-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T16:49:01Z/
url https://www.drupal.org/sa-core-2023-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31250
reference_id CVE-2023-31250
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31250
4
reference_url https://github.com/advisories/GHSA-8849-cv9f-vccm
reference_id GHSA-8849-cv9f-vccm
reference_type
scores
url https://github.com/advisories/GHSA-8849-cv9f-vccm
fixed_packages
0
url pkg:composer/drupal/core@9.4.14
purl pkg:composer/drupal/core@9.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.14
1
url pkg:composer/drupal/core@9.5.8
purl pkg:composer/drupal/core@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.8
2
url pkg:composer/drupal/core@10.0.8
purl pkg:composer/drupal/core@10.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-jyz4-ymrp-pka7
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8
aliases CVE-2023-31250, GHSA-8849-cv9f-vccm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bge7-rqsx-gfee
8
url VCID-deks-ns51-nbdg
vulnerability_id VCID-deks-ns51-nbdg
summary 
Drupal Core Vulnerable to Forceful Browsing
Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.38552
published_at 2026-06-06T12:55:00Z
1
value 0.00173
scoring_system epss
scoring_elements 0.3855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-002
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/
url https://www.drupal.org/sa-core-2025-002
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
reference_id CVE-2025-31673
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
4
reference_url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
reference_id GHSA-wpp8-fjgf-pwc7
reference_type
scores
url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31673, GHSA-wpp8-fjgf-pwc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-deks-ns51-nbdg
9
url VCID-hay8-hvsq-33bm
vulnerability_id VCID-hay8-hvsq-33bm
summary 
Drupal Core Cross-Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25208
published_at 2026-06-06T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25223
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
1
reference_url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://www.drupal.org/sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.drupal.org/sa-core-2025-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
5
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
6
reference_url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
reference_id GHSA-m4wj-hhwj-47qp
reference_type
scores
url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
fixed_packages
0
url pkg:composer/drupal/core@10.3.14
purl pkg:composer/drupal/core@10.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14
1
url pkg:composer/drupal/core@10.4.5
purl pkg:composer/drupal/core@10.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5
2
url pkg:composer/drupal/core@11.0.13
purl pkg:composer/drupal/core@11.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13
3
url pkg:composer/drupal/core@11.1.5
purl pkg:composer/drupal/core@11.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5
aliases CVE-2025-31675, GHSA-m4wj-hhwj-47qp
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hay8-hvsq-33bm
10
url VCID-j7bj-atys-qfg3
vulnerability_id VCID-j7bj-atys-qfg3
summary 
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
reference_id
reference_type
scores
0
value 0.01148
scoring_system epss
scoring_elements 0.78847
published_at 2026-06-06T12:55:00Z
1
value 0.01148
scoring_system epss
scoring_elements 0.7884
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
3
reference_url https://www.drupal.org/sa-core-2024-004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/
url https://www.drupal.org/sa-core-2024-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
reference_id CVE-2024-55634
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
5
reference_url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
reference_id GHSA-7cwc-fjqm-8vh8
reference_type
scores
url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7bj-atys-qfg3
11
url VCID-kzrs-mrga-nyej
vulnerability_id VCID-kzrs-mrga-nyej
summary User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13926
published_at 2026-06-06T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13922
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/
url https://www.drupal.org/sa-core-2025-007
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
reference_id CVE-2025-13082
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
4
reference_url https://github.com/advisories/GHSA-h89p-5896-f4q8
reference_id GHSA-h89p-5896-f4q8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h89p-5896-f4q8
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13082, GHSA-h89p-5896-f4q8
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzrs-mrga-nyej
12
url VCID-p54u-b18k-jyft
vulnerability_id VCID-p54u-b18k-jyft
summary Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.26133
published_at 2026-06-06T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26138
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/
url https://www.drupal.org/sa-core-2025-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
reference_id CVE-2025-13080
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
4
reference_url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
reference_id GHSA-83v7-c2cf-p9c2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13080, GHSA-83v7-c2cf-p9c2
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p54u-b18k-jyft
13
url VCID-qwge-qrwn-1faj
vulnerability_id VCID-qwge-qrwn-1faj
summary 
Drupal Core Cross-Site Scripting (XSS)
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
reference_id
reference_type
scores
0
value 0.02544
scoring_system epss
scoring_elements 0.85771
published_at 2026-06-06T12:55:00Z
1
value 0.02544
scoring_system epss
scoring_elements 0.85769
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
3
reference_url https://www.drupal.org/sa-core-2024-003
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/
url https://www.drupal.org/sa-core-2024-003
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
reference_id CVE-2024-12393
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
5
reference_url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
reference_id GHSA-8mvq-8h2v-j9vf
reference_type
scores
url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-12393, GHSA-8mvq-8h2v-j9vf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwge-qrwn-1faj
14
url VCID-t89y-c9hq-9bhk
vulnerability_id VCID-t89y-c9hq-9bhk
summary 
Drupal core Denial of Service vulnerability
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
2
reference_url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
4
reference_url https://www.drupal.org/sa-core-2024-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2024-001
5
reference_url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
reference_id GHSA-6ccv-8fgf-cjpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
fixed_packages
0
url pkg:composer/drupal/core@10.1.8
purl pkg:composer/drupal/core@10.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8
1
url pkg:composer/drupal/core@10.2.2
purl pkg:composer/drupal/core@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2
aliases GHSA-6ccv-8fgf-cjpw, GMS-2024-214
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t89y-c9hq-9bhk
15
url VCID-xv4d-ped2-4udz
vulnerability_id VCID-xv4d-ped2-4udz
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
reference_id
reference_type
scores
0
value 0.11473
scoring_system epss
scoring_elements 0.93753
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
3
reference_url https://www.drupal.org/sa-core-2024-006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/
url https://www.drupal.org/sa-core-2024-006
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
reference_id CVE-2024-55636
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
5
reference_url https://github.com/advisories/GHSA-938f-5r4f-h65v
reference_id GHSA-938f-5r4f-h65v
reference_type
scores
url https://github.com/advisories/GHSA-938f-5r4f-h65v
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55636, GHSA-938f-5r4f-h65v
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv4d-ped2-4udz
16
url VCID-yq4q-hydz-vuga
vulnerability_id VCID-yq4q-hydz-vuga
summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33104
published_at 2026-06-06T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.33091
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/
url https://www.drupal.org/sa-core-2025-006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
reference_id CVE-2025-13081
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
4
reference_url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
reference_id GHSA-m6vv-vcj8-w8m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13081, GHSA-m6vv-vcj8-w8m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq4q-hydz-vuga
Fixing_vulnerabilities
0
url VCID-5nbj-5x5a-93hz
vulnerability_id VCID-5nbj-5x5a-93hz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29248
reference_id
reference_type
scores
0
value 0.00637
scoring_system epss
scoring_elements 0.70899
published_at 2026-06-05T12:55:00Z
1
value 0.00637
scoring_system epss
scoring_elements 0.70906
published_at 2026-06-06T12:55:00Z
2
value 0.00637
scoring_system epss
scoring_elements 0.70856
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29248
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml
17
reference_url https://github.com/guzzle/guzzle
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle
18
reference_url https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
19
reference_url https://github.com/guzzle/guzzle/pull/3018
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://github.com/guzzle/guzzle/pull/3018
20
reference_url https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29248
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29248
22
reference_url https://www.debian.org/security/2022/dsa-5246
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://www.debian.org/security/2022/dsa-5246
23
reference_url https://www.drupal.org/sa-core-2022-010
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://www.drupal.org/sa-core-2022-010
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636
reference_id 1011636
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636
25
reference_url https://security.archlinux.org/AVG-2823
reference_id AVG-2823
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2823
26
reference_url https://github.com/advisories/GHSA-cwmx-hcrq-mhc3
reference_id GHSA-cwmx-hcrq-mhc3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cwmx-hcrq-mhc3
fixed_packages
0
url pkg:composer/drupal/core@9.2.20
purl pkg:composer/drupal/core@9.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-b266-wste-eqh6
8
vulnerability VCID-b8fw-ya7y-h7d8
9
vulnerability VCID-bge7-rqsx-gfee
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-hay8-hvsq-33bm
13
vulnerability VCID-hkch-a5yn-jyg1
14
vulnerability VCID-j7bj-atys-qfg3
15
vulnerability VCID-kzrs-mrga-nyej
16
vulnerability VCID-p54u-b18k-jyft
17
vulnerability VCID-qwge-qrwn-1faj
18
vulnerability VCID-rd4g-h1j9-23cb
19
vulnerability VCID-t89y-c9hq-9bhk
20
vulnerability VCID-xv4d-ped2-4udz
21
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.20
1
url pkg:composer/drupal/core@9.3.0-alpha1
purl pkg:composer/drupal/core@9.3.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-b266-wste-eqh6
8
vulnerability VCID-b8fw-ya7y-h7d8
9
vulnerability VCID-bge7-rqsx-gfee
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-hay8-hvsq-33bm
13
vulnerability VCID-hkch-a5yn-jyg1
14
vulnerability VCID-j7bj-atys-qfg3
15
vulnerability VCID-kzrs-mrga-nyej
16
vulnerability VCID-p54u-b18k-jyft
17
vulnerability VCID-qwge-qrwn-1faj
18
vulnerability VCID-rd4g-h1j9-23cb
19
vulnerability VCID-t89y-c9hq-9bhk
20
vulnerability VCID-xv4d-ped2-4udz
21
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1
2
url pkg:composer/drupal/core@9.3.14
purl pkg:composer/drupal/core@9.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-b266-wste-eqh6
8
vulnerability VCID-b8fw-ya7y-h7d8
9
vulnerability VCID-bge7-rqsx-gfee
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-hay8-hvsq-33bm
13
vulnerability VCID-hkch-a5yn-jyg1
14
vulnerability VCID-j7bj-atys-qfg3
15
vulnerability VCID-kzrs-mrga-nyej
16
vulnerability VCID-p54u-b18k-jyft
17
vulnerability VCID-qwge-qrwn-1faj
18
vulnerability VCID-rd4g-h1j9-23cb
19
vulnerability VCID-t89y-c9hq-9bhk
20
vulnerability VCID-xv4d-ped2-4udz
21
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.14
3
url pkg:composer/drupal/core@9.4.0-alpha1
purl pkg:composer/drupal/core@9.4.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1
aliases CVE-2022-29248, GHSA-cwmx-hcrq-mhc3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5nbj-5x5a-93hz
1
url VCID-hkch-a5yn-jyg1
vulnerability_id VCID-hkch-a5yn-jyg1
summary Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
reference_id
reference_type
scores
0
value 0.09505
scoring_system epss
scoring_elements 0.92996
published_at 2026-06-06T12:55:00Z
1
value 0.09505
scoring_system epss
scoring_elements 0.92989
published_at 2026-06-04T12:55:00Z
2
value 0.09505
scoring_system epss
scoring_elements 0.93
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
3
reference_url https://github.com/twigphp/Twig
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twigphp/Twig
4
reference_url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
5
reference_url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
6
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
20
reference_url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
21
reference_url https://www.debian.org/security/2022/dsa-5248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.debian.org/security/2022/dsa-5248
22
reference_url https://www.drupal.org/sa-core-2022-016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.drupal.org/sa-core-2022-016
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
reference_id 1020991
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id 2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
26
reference_url https://github.com/advisories/GHSA-52m2-vc4m-jj33
reference_id GHSA-52m2-vc4m-jj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52m2-vc4m-jj33
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
29
reference_url https://usn.ubuntu.com/5947-1/
reference_id USN-5947-1
reference_type
scores
url https://usn.ubuntu.com/5947-1/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
fixed_packages
0
url pkg:composer/drupal/core@9.3.22
purl pkg:composer/drupal/core@9.3.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.22
1
url pkg:composer/drupal/core@9.4.0-alpha1
purl pkg:composer/drupal/core@9.4.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1
2
url pkg:composer/drupal/core@9.4.7
purl pkg:composer/drupal/core@9.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.7
3
url pkg:composer/drupal/core@9.5.0-beta1
purl pkg:composer/drupal/core@9.5.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1
aliases CVE-2022-39261, GHSA-52m2-vc4m-jj33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkch-a5yn-jyg1
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1