Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/600862?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/600862?format=api", "purl": "pkg:composer/drupal/core@9.4.10", "type": "composer", "namespace": "drupal", "name": "core", "version": "9.4.10", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.9", "latest_non_vulnerable_version": "11.2.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20821?format=api", "vulnerability_id": "VCID-13ef-6vth-nugg", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33029", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/" } ], "url": "https://www.drupal.org/sa-core-2025-006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081", "reference_id": "CVE-2025-13081", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081" }, { "reference_url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7", "reference_id": "GHSA-m6vv-vcj8-w8m7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70235?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70236?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70237?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70238?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13081", "GHSA-m6vv-vcj8-w8m7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13ef-6vth-nugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20808?format=api", "vulnerability_id": "VCID-1jvt-6dac-7qc5", "summary": "User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13901", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/" } ], "url": "https://www.drupal.org/sa-core-2025-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082", "reference_id": "CVE-2025-13082", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082" }, { "reference_url": "https://github.com/advisories/GHSA-h89p-5896-f4q8", "reference_id": "GHSA-h89p-5896-f4q8", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h89p-5896-f4q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70235?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70236?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70237?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70238?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13082", "GHSA-h89p-5896-f4q8" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jvt-6dac-7qc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/243418?format=api", "vulnerability_id": "VCID-63my-dg24-t3dj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85728", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393" }, { "reference_url": "https://www.drupal.org/sa-core-2024-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-003" }, { "reference_url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf", "reference_id": "GHSA-8mvq-8h2v-j9vf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187342?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/187343?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/187353?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-12393", "GHSA-8mvq-8h2v-j9vf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63my-dg24-t3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18530?format=api", "vulnerability_id": "VCID-78p4-h4nj-budj", "summary": "Generation of Error Message Containing Sensitive Information\nIn certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.80008", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5256" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742" }, { "reference_url": "https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc" }, { "reference_url": "https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24" }, { "reference_url": "https://www.drupal.org/sa-core-2023-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:22:43Z/" } ], "url": "https://www.drupal.org/sa-core-2023-006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5256", "reference_id": "CVE-2023-5256", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5256" }, { "reference_url": "https://github.com/advisories/GHSA-rjqg-3h9m-fx5x", "reference_id": "GHSA-rjqg-3h9m-fx5x", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjqg-3h9m-fx5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65960?format=api", "purl": "pkg:composer/drupal/core@9.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-9ju9-nhf2-wfbe" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/65961?format=api", "purl": "pkg:composer/drupal/core@10.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-94kk-wy2f-6ue4" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-9ju9-nhf2-wfbe" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/65962?format=api", "purl": "pkg:composer/drupal/core@10.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-94kk-wy2f-6ue4" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-9ju9-nhf2-wfbe" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-jd72-1qxu-skd2" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.4" } ], "aliases": [ "CVE-2023-5256", "GHSA-rjqg-3h9m-fx5x" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-78p4-h4nj-budj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271629?format=api", "vulnerability_id": "VCID-7d6n-s61h-z3gz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11473", "scoring_system": "epss", "scoring_elements": "0.93729", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636" }, { "reference_url": "https://www.drupal.org/sa-core-2024-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-006" }, { "reference_url": "https://github.com/advisories/GHSA-938f-5r4f-h65v", "reference_id": "GHSA-938f-5r4f-h65v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-938f-5r4f-h65v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187342?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/187343?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/187353?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55636", "GHSA-938f-5r4f-h65v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7d6n-s61h-z3gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20816?format=api", "vulnerability_id": "VCID-9bsd-gqyd-cuh5", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01494", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/" } ], "url": "https://www.drupal.org/sa-core-2025-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083", "reference_id": "CVE-2025-13083", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083" }, { "reference_url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2", "reference_id": "GHSA-mhpg-hpj5-73r2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70235?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70236?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70237?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70238?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13083", "GHSA-mhpg-hpj5-73r2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9bsd-gqyd-cuh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19415?format=api", "vulnerability_id": "VCID-9ju9-nhf2-wfbe", "summary": "Drupal core Denial of Service vulnerability\nThe Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).\n\nSites that do not use the Comment module are not affected.", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff" }, { "reference_url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml" }, { "reference_url": "https://www.drupal.org/sa-core-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw", "reference_id": "GHSA-6ccv-8fgf-cjpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67683?format=api", "purl": "pkg:composer/drupal/core@10.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-94kk-wy2f-6ue4" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67684?format=api", "purl": "pkg:composer/drupal/core@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-94kk-wy2f-6ue4" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2" } ], "aliases": [ "GHSA-6ccv-8fgf-cjpw", "GMS-2024-214" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ju9-nhf2-wfbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17479?format=api", "vulnerability_id": "VCID-c6xh-peyj-7baj", "summary": "Access bypass in Drupal core\nThe file download facility does not sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59328", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2023-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T16:49:01Z/" } ], "url": "https://www.drupal.org/sa-core-2023-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250", "reference_id": "CVE-2023-31250", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250" }, { "reference_url": "https://github.com/advisories/GHSA-8849-cv9f-vccm", "reference_id": "GHSA-8849-cv9f-vccm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8849-cv9f-vccm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63823?format=api", "purl": "pkg:composer/drupal/core@9.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-78p4-h4nj-budj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-9ju9-nhf2-wfbe" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63820?format=api", "purl": "pkg:composer/drupal/core@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-78p4-h4nj-budj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-9ju9-nhf2-wfbe" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/63821?format=api", "purl": "pkg:composer/drupal/core@10.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-78p4-h4nj-budj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-94kk-wy2f-6ue4" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-9ju9-nhf2-wfbe" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-sbnt-qndd-xubz" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8" } ], "aliases": [ "CVE-2023-31250", "GHSA-8849-cv9f-vccm" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xh-peyj-7baj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271631?format=api", "vulnerability_id": "VCID-ddmy-kcmb-s7g7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09687", "scoring_system": "epss", "scoring_elements": "0.93048", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638" }, { "reference_url": "https://www.drupal.org/sa-core-2024-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/" } ], "url": "https://www.drupal.org/sa-core-2024-008" }, { "reference_url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4", "reference_id": "GHSA-gvf2-2f4g-jqf4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187342?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/187343?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" } ], "aliases": [ "CVE-2024-55638", "GHSA-gvf2-2f4g-jqf4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddmy-kcmb-s7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/293515?format=api", "vulnerability_id": "VCID-mhcb-rdtq-sufx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54772", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674" }, { "reference_url": "https://www.drupal.org/sa-core-2025-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/" } ], "url": "https://www.drupal.org/sa-core-2025-003" }, { "reference_url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q", "reference_id": "GHSA-2qph-q8xw-gv7q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193074?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/193075?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/193077?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/193078?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31674", "GHSA-2qph-q8xw-gv7q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhcb-rdtq-sufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271630?format=api", "vulnerability_id": "VCID-nf33-22v1-r3fj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09982", "scoring_system": "epss", "scoring_elements": "0.93173", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637" }, { "reference_url": "https://www.drupal.org/sa-core-2024-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/" } ], "url": "https://www.drupal.org/sa-core-2024-007" }, { "reference_url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g", "reference_id": "GHSA-w6rx-9g2x-mg5g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187342?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/187343?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/187353?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55637", "GHSA-w6rx-9g2x-mg5g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf33-22v1-r3fj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/297353?format=api", "vulnerability_id": "VCID-pyqg-gfn8-vqag", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61353", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057" }, { "reference_url": "https://www.drupal.org/sa-core-2025-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/" } ], "url": "https://www.drupal.org/sa-core-2025-001" }, { "reference_url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm", "reference_id": "GHSA-39g6-x4x8-5jcm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193074?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/193075?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/193077?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/193078?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-3057", "GHSA-39g6-x4x8-5jcm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pyqg-gfn8-vqag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/293516?format=api", "vulnerability_id": "VCID-qwwz-5n8j-9ben", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25134", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675" }, { "reference_url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675" }, { "reference_url": "https://www.drupal.org/sa-core-2025-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.drupal.org/sa-core-2025-004" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675" }, { "reference_url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp", "reference_id": "GHSA-m4wj-hhwj-47qp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193450?format=api", "purl": "pkg:composer/drupal/core@10.3.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/193451?format=api", "purl": "pkg:composer/drupal/core@10.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/193452?format=api", "purl": "pkg:composer/drupal/core@11.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/193453?format=api", "purl": "pkg:composer/drupal/core@11.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5" } ], "aliases": [ "CVE-2025-31675", "GHSA-m4wj-hhwj-47qp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwwz-5n8j-9ben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264373?format=api", "vulnerability_id": "VCID-sbnt-qndd-xubz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99436", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440" }, { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://github.com/github/advisory-database/pull/4827", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/4827" }, { "reference_url": "https://www.drupal.org/project/drupal/issues/3457781", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://www.drupal.org/project/drupal/issues/3457781" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.2.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.2.9" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.3.6" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/11.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/11.0.5" }, { "reference_url": "https://www.exploit-db.com/exploits/52266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/52266" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py", "reference_id": "CVE-2024-45440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440", "reference_id": "CVE-2024-45440", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/", "reference_id": "CVE-2024-45440-Explained", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained", "reference_id": "CVE-2024-45440-EXPLAINED", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained" }, { "reference_url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc", "reference_id": "GHSA-mg8j-w93w-xjgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82600?format=api", "purl": "pkg:composer/drupal/core@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-94kk-wy2f-6ue4" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/708939?format=api", "purl": "pkg:composer/drupal/core@10.3.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82599?format=api", "purl": "pkg:composer/drupal/core@10.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-ddmy-kcmb-s7g7" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/708942?format=api", "purl": "pkg:composer/drupal/core@11.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82597?format=api", "purl": "pkg:composer/drupal/core@11.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-63my-dg24-t3dj" }, { "vulnerability": "VCID-7d6n-s61h-z3gz" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-nf33-22v1-r3fj" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" }, { "vulnerability": "VCID-zhxf-bmyy-wff6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5" } ], "aliases": [ "CVE-2024-45440", "GHSA-mg8j-w93w-xjgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbnt-qndd-xubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/293514?format=api", "vulnerability_id": "VCID-yb9a-1mp4-1kcz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38483", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673" }, { "reference_url": "https://www.drupal.org/sa-core-2025-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/" } ], "url": "https://www.drupal.org/sa-core-2025-002" }, { "reference_url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7", "reference_id": "GHSA-wpp8-fjgf-pwc7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193074?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/193075?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/193077?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/193078?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31673", "GHSA-wpp8-fjgf-pwc7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yb9a-1mp4-1kcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20813?format=api", "vulnerability_id": "VCID-z833-upr5-4ug5", "summary": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26058", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2025-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/" } ], "url": "https://www.drupal.org/sa-core-2025-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080", "reference_id": "CVE-2025-13080", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080" }, { "reference_url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2", "reference_id": "GHSA-83v7-c2cf-p9c2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70235?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70236?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70237?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/70238?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13080", "GHSA-83v7-c2cf-p9c2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z833-upr5-4ug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271627?format=api", "vulnerability_id": "VCID-zhxf-bmyy-wff6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78785", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634" }, { "reference_url": "https://www.drupal.org/sa-core-2024-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/" } ], "url": "https://www.drupal.org/sa-core-2024-004" }, { "reference_url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8", "reference_id": "GHSA-7cwc-fjqm-8vh8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187342?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/187343?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/187353?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13ef-6vth-nugg" }, { "vulnerability": "VCID-1jvt-6dac-7qc5" }, { "vulnerability": "VCID-9bsd-gqyd-cuh5" }, { "vulnerability": "VCID-mhcb-rdtq-sufx" }, { "vulnerability": "VCID-pyqg-gfn8-vqag" }, { "vulnerability": "VCID-qwwz-5n8j-9ben" }, { "vulnerability": "VCID-yb9a-1mp4-1kcz" }, { "vulnerability": "VCID-z833-upr5-4ug5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55634", "GHSA-7cwc-fjqm-8vh8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhxf-bmyy-wff6" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.10" }