Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@9.0.6
Typecomposer
Namespacedrupal
Namecore
Version9.0.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.9
Latest_non_vulnerable_version11.3.7
Affected_by_vulnerabilities
0
url VCID-2c5f-q858-huaw
vulnerability_id VCID-2c5f-q858-huaw
summary 
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/
url https://www.drupal.org/sa-core-2025-003
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
reference_id CVE-2025-31674
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
4
reference_url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
reference_id GHSA-2qph-q8xw-gv7q
reference_type
scores
url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31674, GHSA-2qph-q8xw-gv7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c5f-q858-huaw
1
url VCID-3xk4-qwaq-5yaj
vulnerability_id VCID-3xk4-qwaq-5yaj
summary 
Improper Access Control
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.6539
published_at 2026-06-04T12:55:00Z
1
value 0.00479
scoring_system epss
scoring_elements 0.65441
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-013
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/
url https://www.drupal.org/sa-core-2022-013
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
reference_id CVE-2022-25278
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
reference_id CVE-2022-25278.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
5
reference_url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
reference_id GHSA-cfh2-7f6h-3m85
reference_type
scores
url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25278, GHSA-cfh2-7f6h-3m85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xk4-qwaq-5yaj
2
url VCID-4p4c-7rdc-37fa
vulnerability_id VCID-4p4c-7rdc-37fa
summary 
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
reference_id
reference_type
scores
0
value 0.86689
scoring_system epss
scoring_elements 0.9944
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/github/advisory-database/pull/4827
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4827
3
reference_url https://www.drupal.org/project/drupal/issues/3457781
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://www.drupal.org/project/drupal/issues/3457781
4
reference_url https://www.drupal.org/project/drupal/releases/10.2.9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.2.9
5
reference_url https://www.drupal.org/project/drupal/releases/10.3.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.3.6
6
reference_url https://www.drupal.org/project/drupal/releases/11.0.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/11.0.5
7
reference_url https://www.exploit-db.com/exploits/52266
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52266
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id CVE-2024-45440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
reference_id CVE-2024-45440
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
10
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained/
reference_id CVE-2024-45440-Explained
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://senscybersecurity.nl/CVE-2024-45440-Explained/
11
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained
reference_id CVE-2024-45440-EXPLAINED
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://senscybersecurity.nl/CVE-2024-45440-Explained
12
reference_url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
reference_id GHSA-mg8j-w93w-xjgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
fixed_packages
0
url pkg:composer/drupal/core@10.2.9
purl pkg:composer/drupal/core@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-jyz4-ymrp-pka7
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-xv4d-ped2-4udz
13
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9
1
url pkg:composer/drupal/core@10.3.0-beta1
purl pkg:composer/drupal/core@10.3.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1
2
url pkg:composer/drupal/core@10.3.6
purl pkg:composer/drupal/core@10.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-kzrs-mrga-nyej
9
vulnerability VCID-p54u-b18k-jyft
10
vulnerability VCID-qwge-qrwn-1faj
11
vulnerability VCID-xv4d-ped2-4udz
12
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6
3
url pkg:composer/drupal/core@11.0.0-alpha1
purl pkg:composer/drupal/core@11.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1
4
url pkg:composer/drupal/core@11.0.5
purl pkg:composer/drupal/core@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b266-wste-eqh6
3
vulnerability VCID-b8fw-ya7y-h7d8
4
vulnerability VCID-deks-ns51-nbdg
5
vulnerability VCID-hay8-hvsq-33bm
6
vulnerability VCID-j7bj-atys-qfg3
7
vulnerability VCID-kzrs-mrga-nyej
8
vulnerability VCID-p54u-b18k-jyft
9
vulnerability VCID-qwge-qrwn-1faj
10
vulnerability VCID-xv4d-ped2-4udz
11
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5
aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4p4c-7rdc-37fa
3
url VCID-54qh-fz2a-cyh6
vulnerability_id VCID-54qh-fz2a-cyh6
summary 
Generation of Error Message Containing Sensitive Information
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

The core REST and contributed GraphQL modules are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5256
reference_id
reference_type
scores
0
value 0.01295
scoring_system epss
scoring_elements 0.80058
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5256
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742
3
reference_url https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc
4
reference_url https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24
5
reference_url https://www.drupal.org/sa-core-2023-006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:22:43Z/
url https://www.drupal.org/sa-core-2023-006
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5256
reference_id CVE-2023-5256
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5256
7
reference_url https://github.com/advisories/GHSA-rjqg-3h9m-fx5x
reference_id GHSA-rjqg-3h9m-fx5x
reference_type
scores
url https://github.com/advisories/GHSA-rjqg-3h9m-fx5x
fixed_packages
0
url pkg:composer/drupal/core@9.5.11
purl pkg:composer/drupal/core@9.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-t89y-c9hq-9bhk
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.11
1
url pkg:composer/drupal/core@10.0.11
purl pkg:composer/drupal/core@10.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.11
2
url pkg:composer/drupal/core@10.1.4
purl pkg:composer/drupal/core@10.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-84g5-ckkq-hygm
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-jyz4-ymrp-pka7
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.4
aliases CVE-2023-5256, GHSA-rjqg-3h9m-fx5x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54qh-fz2a-cyh6
4
url VCID-5jy9-mhbb-nuh7
vulnerability_id VCID-5jy9-mhbb-nuh7
summary 
Deserialization of Untrusted Data
Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
reference_id
reference_type
scores
0
value 0.76873
scoring_system epss
scoring_elements 0.98976
published_at 2026-06-05T12:55:00Z
1
value 0.76873
scoring_system epss
scoring_elements 0.98975
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
6
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/33
7
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
14
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-23
15
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4817
16
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id 1904001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
reference_id CVE-2020-28948
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
20
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
21
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
22
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
23
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
24
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
25
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-b266-wste-eqh6
10
vulnerability VCID-b8fw-ya7y-h7d8
11
vulnerability VCID-bge7-rqsx-gfee
12
vulnerability VCID-deks-ns51-nbdg
13
vulnerability VCID-dyhz-g3nv-yuc3
14
vulnerability VCID-egtv-y9w1-skgr
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
1
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jy9-mhbb-nuh7
5
url VCID-67da-qxh5-aydx
vulnerability_id VCID-67da-qxh5-aydx
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36193.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36193
reference_id
reference_type
scores
0
value 0.71148
scoring_system epss
scoring_elements 0.9873
published_at 2026-06-04T12:55:00Z
1
value 0.71148
scoring_system epss
scoring_elements 0.98731
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36193
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
6
reference_url https://github.com/pear/Archive_Tar/issues/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/35
7
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
17
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://security.gentoo.org/glsa/202101-23
18
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-36193
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-36193
19
reference_url https://www.debian.org/security/2021/dsa-4894
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://www.debian.org/security/2021/dsa-4894
20
reference_url https://www.drupal.org/sa-core-2021-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://www.drupal.org/sa-core-2021-001
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1942961
reference_id 1942961
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1942961
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
reference_id 42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428
reference_id 980428
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428
24
reference_url https://security.archlinux.org/ASA-202102-7
reference_id ASA-202102-7
reference_type
scores
url https://security.archlinux.org/ASA-202102-7
25
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
26
reference_url https://security.archlinux.org/AVG-1464
reference_id AVG-1464
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1464
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36193
reference_id CVE-2020-36193
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36193
28
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-36193.yaml
reference_id CVE-2020-36193.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-36193.yaml
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/
reference_id FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/
30
reference_url https://github.com/advisories/GHSA-rpw6-9xfx-jvcx
reference_id GHSA-rpw6-9xfx-jvcx
reference_type
scores
url https://github.com/advisories/GHSA-rpw6-9xfx-jvcx
31
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
32
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
33
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
34
reference_url https://usn.ubuntu.com/4723-1/
reference_id USN-4723-1
reference_type
scores
url https://usn.ubuntu.com/4723-1/
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
reference_id VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/
reference_id YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/
fixed_packages
0
url pkg:composer/drupal/core@9.0.11
purl pkg:composer/drupal/core@9.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-tpzm-u3qp-akc8
23
vulnerability VCID-xv4d-ped2-4udz
24
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.11
1
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
2
url pkg:composer/drupal/core@9.1.3
purl pkg:composer/drupal/core@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-pzp5-2bpz-jfe2
24
vulnerability VCID-qwge-qrwn-1faj
25
vulnerability VCID-rd4g-h1j9-23cb
26
vulnerability VCID-t89y-c9hq-9bhk
27
vulnerability VCID-tpzm-u3qp-akc8
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.3
aliases CVE-2020-36193, GHSA-rpw6-9xfx-jvcx
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67da-qxh5-aydx
6
url VCID-6x4v-da7x-uyhh
vulnerability_id VCID-6x4v-da7x-uyhh
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.

This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55638
reference_id
reference_type
scores
0
value 0.09687
scoring_system epss
scoring_elements 0.93075
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55638
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2024-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/
url https://www.drupal.org/sa-core-2024-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55638
reference_id CVE-2024-55638
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55638
4
reference_url https://github.com/advisories/GHSA-gvf2-2f4g-jqf4
reference_id GHSA-gvf2-2f4g-jqf4
reference_type
scores
url https://github.com/advisories/GHSA-gvf2-2f4g-jqf4
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
aliases CVE-2024-55638, GHSA-gvf2-2f4g-jqf4
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6x4v-da7x-uyhh
7
url VCID-9dfs-rpqy-6kfa
vulnerability_id VCID-9dfs-rpqy-6kfa
summary 
Injection Vulnerability
archive_tar has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed.
references
0
reference_url http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28949
reference_id
reference_type
scores
0
value 0.93364
scoring_system epss
scoring_elements 0.99822
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28949
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
5
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
6
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
7
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://github.com/pear/Archive_Tar/issues/33
8
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
21
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://security.gentoo.org/glsa/202101-23
22
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949
23
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://www.debian.org/security/2020/dsa-4817
24
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://www.drupal.org/sa-core-2020-013
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1910323
reference_id 1910323
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1910323
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
reference_id 42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
reference_id 4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
29
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28949
reference_id CVE-2020-28949
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28949
31
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml
reference_id CVE-2020-28949.YAML
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml
32
reference_url https://github.com/advisories/GHSA-75c5-f4gw-38r9
reference_id GHSA-75c5-f4gw-38r9
reference_type
scores
url https://github.com/advisories/GHSA-75c5-f4gw-38r9
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
reference_id NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
35
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
36
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
37
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
38
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
39
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
40
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
reference_id VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
fixed_packages
0
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-b266-wste-eqh6
10
vulnerability VCID-b8fw-ya7y-h7d8
11
vulnerability VCID-bge7-rqsx-gfee
12
vulnerability VCID-deks-ns51-nbdg
13
vulnerability VCID-dyhz-g3nv-yuc3
14
vulnerability VCID-egtv-y9w1-skgr
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
1
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28949, GHSA-75c5-f4gw-38r9
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dfs-rpqy-6kfa
8
url VCID-a3s2-c4k2-4ufn
vulnerability_id VCID-a3s2-c4k2-4ufn
summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01484
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-008
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/
url https://www.drupal.org/sa-core-2025-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
reference_id CVE-2025-13083
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
4
reference_url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
reference_id GHSA-mhpg-hpj5-73r2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13083, GHSA-mhpg-hpj5-73r2
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3s2-c4k2-4ufn
9
url VCID-a7ss-tkb6-gkge
vulnerability_id VCID-a7ss-tkb6-gkge
summary 
Improper access control
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
reference_id
reference_type
scores
0
value 0.00579
scoring_system epss
scoring_elements 0.69245
published_at 2026-06-04T12:55:00Z
1
value 0.00579
scoring_system epss
scoring_elements 0.69285
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
3
reference_url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
4
reference_url https://www.drupal.org/sa-core-2022-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/
url https://www.drupal.org/sa-core-2022-012
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
reference_id CVE-2022-25275
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
reference_id CVE-2022-25275.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
7
reference_url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
reference_id GHSA-xh3v-6f9j-wxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ss-tkb6-gkge
10
url VCID-ard5-3cjv-1beu
vulnerability_id VCID-ard5-3cjv-1beu
summary 
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
reference_id
reference_type
scores
0
value 0.00931
scoring_system epss
scoring_elements 0.76518
published_at 2026-06-05T12:55:00Z
1
value 0.00931
scoring_system epss
scoring_elements 0.76489
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
3
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
4
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
5
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
6
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://www.drupal.org/sa-core-2022-006
7
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id 1008236
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
10
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
11
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
12
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
fixed_packages
0
url pkg:composer/drupal/core@9.2.16
purl pkg:composer/drupal/core@9.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16
1
url pkg:composer/drupal/core@9.3.0-alpha1
purl pkg:composer/drupal/core@9.3.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-b266-wste-eqh6
8
vulnerability VCID-b8fw-ya7y-h7d8
9
vulnerability VCID-bge7-rqsx-gfee
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-hay8-hvsq-33bm
13
vulnerability VCID-hkch-a5yn-jyg1
14
vulnerability VCID-j7bj-atys-qfg3
15
vulnerability VCID-kzrs-mrga-nyej
16
vulnerability VCID-p54u-b18k-jyft
17
vulnerability VCID-qwge-qrwn-1faj
18
vulnerability VCID-rd4g-h1j9-23cb
19
vulnerability VCID-t89y-c9hq-9bhk
20
vulnerability VCID-xv4d-ped2-4udz
21
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1
2
url pkg:composer/drupal/core@9.3.9
purl pkg:composer/drupal/core@9.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-g1ew-tnk9-cuh7
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-xv4d-ped2-4udz
24
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9
3
url pkg:composer/drupal/core@10.0.0-alpha1
purl pkg:composer/drupal/core@10.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-t89y-c9hq-9bhk
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ard5-3cjv-1beu
11
url VCID-b266-wste-eqh6
vulnerability_id VCID-b266-wste-eqh6
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
reference_id
reference_type
scores
0
value 0.09982
scoring_system epss
scoring_elements 0.93194
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
3
reference_url https://www.drupal.org/sa-core-2024-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/
url https://www.drupal.org/sa-core-2024-007
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
reference_id CVE-2024-55637
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
5
reference_url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
reference_id GHSA-w6rx-9g2x-mg5g
reference_type
scores
url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55637, GHSA-w6rx-9g2x-mg5g
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b266-wste-eqh6
12
url VCID-b8fw-ya7y-h7d8
vulnerability_id VCID-b8fw-ya7y-h7d8
summary 
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61443
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/
url https://www.drupal.org/sa-core-2025-001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
reference_id CVE-2025-3057
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
4
reference_url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
reference_id GHSA-39g6-x4x8-5jcm
reference_type
scores
url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-3057, GHSA-39g6-x4x8-5jcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8fw-ya7y-h7d8
13
url VCID-bge7-rqsx-gfee
vulnerability_id VCID-bge7-rqsx-gfee
summary 
Access bypass in Drupal core
The file download facility does not sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31250
reference_id
reference_type
scores
0
value 0.00361
scoring_system epss
scoring_elements 0.58579
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31250
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2023-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T16:49:01Z/
url https://www.drupal.org/sa-core-2023-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31250
reference_id CVE-2023-31250
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31250
4
reference_url https://github.com/advisories/GHSA-8849-cv9f-vccm
reference_id GHSA-8849-cv9f-vccm
reference_type
scores
url https://github.com/advisories/GHSA-8849-cv9f-vccm
fixed_packages
0
url pkg:composer/drupal/core@9.4.14
purl pkg:composer/drupal/core@9.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.14
1
url pkg:composer/drupal/core@9.5.8
purl pkg:composer/drupal/core@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.8
2
url pkg:composer/drupal/core@10.0.8
purl pkg:composer/drupal/core@10.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-jyz4-ymrp-pka7
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8
aliases CVE-2023-31250, GHSA-8849-cv9f-vccm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bge7-rqsx-gfee
14
url VCID-deks-ns51-nbdg
vulnerability_id VCID-deks-ns51-nbdg
summary 
Drupal Core Vulnerable to Forceful Browsing
Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.3855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-002
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/
url https://www.drupal.org/sa-core-2025-002
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
reference_id CVE-2025-31673
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
4
reference_url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
reference_id GHSA-wpp8-fjgf-pwc7
reference_type
scores
url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31673, GHSA-wpp8-fjgf-pwc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-deks-ns51-nbdg
15
url VCID-dyhz-g3nv-yuc3
vulnerability_id VCID-dyhz-g3nv-yuc3
summary 
Lack of domain validation in Druple core
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
reference_id
reference_type
scores
0
value 0.01831
scoring_system epss
scoring_elements 0.83257
published_at 2026-06-04T12:55:00Z
1
value 0.01831
scoring_system epss
scoring_elements 0.83283
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2022-015
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
reference_id CVE-2022-25276
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
4
reference_url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
reference_id GHSA-4wfq-jc9h-vpcx
reference_type
scores
url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25276, GHSA-4wfq-jc9h-vpcx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhz-g3nv-yuc3
16
url VCID-egtv-y9w1-skgr
vulnerability_id VCID-egtv-y9w1-skgr
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
reference_id
reference_type
scores
0
value 0.0047
scoring_system epss
scoring_elements 0.64955
published_at 2026-06-05T12:55:00Z
1
value 0.0047
scoring_system epss
scoring_elements 0.64912
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/
url https://www.drupal.org/sa-core-2022-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
4
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/core@9.2.18
purl pkg:composer/drupal/core@9.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.18
1
url pkg:composer/drupal/core@9.3.12
purl pkg:composer/drupal/core@9.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egtv-y9w1-skgr
17
url VCID-hay8-hvsq-33bm
vulnerability_id VCID-hay8-hvsq-33bm
summary 
Drupal Core Cross-Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25223
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
1
reference_url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://www.drupal.org/sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.drupal.org/sa-core-2025-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
5
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
6
reference_url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
reference_id GHSA-m4wj-hhwj-47qp
reference_type
scores
url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
fixed_packages
0
url pkg:composer/drupal/core@10.3.14
purl pkg:composer/drupal/core@10.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14
1
url pkg:composer/drupal/core@10.4.5
purl pkg:composer/drupal/core@10.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5
2
url pkg:composer/drupal/core@11.0.13
purl pkg:composer/drupal/core@11.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13
3
url pkg:composer/drupal/core@11.1.5
purl pkg:composer/drupal/core@11.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5
aliases CVE-2025-31675, GHSA-m4wj-hhwj-47qp
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hay8-hvsq-33bm
18
url VCID-hkch-a5yn-jyg1
vulnerability_id VCID-hkch-a5yn-jyg1
summary Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
reference_id
reference_type
scores
0
value 0.09505
scoring_system epss
scoring_elements 0.92989
published_at 2026-06-04T12:55:00Z
1
value 0.09505
scoring_system epss
scoring_elements 0.93
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
3
reference_url https://github.com/twigphp/Twig
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twigphp/Twig
4
reference_url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
5
reference_url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
6
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
20
reference_url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
21
reference_url https://www.debian.org/security/2022/dsa-5248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.debian.org/security/2022/dsa-5248
22
reference_url https://www.drupal.org/sa-core-2022-016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.drupal.org/sa-core-2022-016
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
reference_id 1020991
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id 2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
26
reference_url https://github.com/advisories/GHSA-52m2-vc4m-jj33
reference_id GHSA-52m2-vc4m-jj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52m2-vc4m-jj33
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
29
reference_url https://usn.ubuntu.com/5947-1/
reference_id USN-5947-1
reference_type
scores
url https://usn.ubuntu.com/5947-1/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
fixed_packages
0
url pkg:composer/drupal/core@9.3.22
purl pkg:composer/drupal/core@9.3.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.22
1
url pkg:composer/drupal/core@9.4.0-alpha1
purl pkg:composer/drupal/core@9.4.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1
2
url pkg:composer/drupal/core@9.4.7
purl pkg:composer/drupal/core@9.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.7
3
url pkg:composer/drupal/core@9.5.0-beta1
purl pkg:composer/drupal/core@9.5.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1
aliases CVE-2022-39261, GHSA-52m2-vc4m-jj33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkch-a5yn-jyg1
19
url VCID-j7bj-atys-qfg3
vulnerability_id VCID-j7bj-atys-qfg3
summary 
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
reference_id
reference_type
scores
0
value 0.01148
scoring_system epss
scoring_elements 0.7884
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
3
reference_url https://www.drupal.org/sa-core-2024-004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/
url https://www.drupal.org/sa-core-2024-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
reference_id CVE-2024-55634
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
5
reference_url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
reference_id GHSA-7cwc-fjqm-8vh8
reference_type
scores
url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7bj-atys-qfg3
20
url VCID-kzrs-mrga-nyej
vulnerability_id VCID-kzrs-mrga-nyej
summary User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13922
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/
url https://www.drupal.org/sa-core-2025-007
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
reference_id CVE-2025-13082
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
4
reference_url https://github.com/advisories/GHSA-h89p-5896-f4q8
reference_id GHSA-h89p-5896-f4q8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h89p-5896-f4q8
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13082, GHSA-h89p-5896-f4q8
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzrs-mrga-nyej
21
url VCID-p54u-b18k-jyft
vulnerability_id VCID-p54u-b18k-jyft
summary Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.26138
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/
url https://www.drupal.org/sa-core-2025-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
reference_id CVE-2025-13080
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
4
reference_url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
reference_id GHSA-83v7-c2cf-p9c2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13080, GHSA-83v7-c2cf-p9c2
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p54u-b18k-jyft
22
url VCID-qwge-qrwn-1faj
vulnerability_id VCID-qwge-qrwn-1faj
summary 
Drupal Core Cross-Site Scripting (XSS)
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
reference_id
reference_type
scores
0
value 0.02544
scoring_system epss
scoring_elements 0.85769
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
3
reference_url https://www.drupal.org/sa-core-2024-003
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/
url https://www.drupal.org/sa-core-2024-003
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
reference_id CVE-2024-12393
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
5
reference_url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
reference_id GHSA-8mvq-8h2v-j9vf
reference_type
scores
url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-12393, GHSA-8mvq-8h2v-j9vf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwge-qrwn-1faj
23
url VCID-rd4g-h1j9-23cb
vulnerability_id VCID-rd4g-h1j9-23cb
summary 
Unrestricted Upload of File with Dangerous Type
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
reference_id
reference_type
scores
0
value 0.02448
scoring_system epss
scoring_elements 0.85496
published_at 2026-06-05T12:55:00Z
1
value 0.02448
scoring_system epss
scoring_elements 0.85472
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
3
reference_url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
4
reference_url https://www.drupal.org/sa-core-2022-014
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/
url https://www.drupal.org/sa-core-2022-014
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
reference_id CVE-2022-25277
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
reference_id CVE-2022-25277.YAML
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
7
reference_url https://github.com/advisories/GHSA-6955-67hm-vjjq
reference_id GHSA-6955-67hm-vjjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6955-67hm-vjjq
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4g-h1j9-23cb
24
url VCID-t89y-c9hq-9bhk
vulnerability_id VCID-t89y-c9hq-9bhk
summary 
Drupal core Denial of Service vulnerability
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
2
reference_url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
4
reference_url https://www.drupal.org/sa-core-2024-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2024-001
5
reference_url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
reference_id GHSA-6ccv-8fgf-cjpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
fixed_packages
0
url pkg:composer/drupal/core@10.1.8
purl pkg:composer/drupal/core@10.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8
1
url pkg:composer/drupal/core@10.2.2
purl pkg:composer/drupal/core@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2
aliases GHSA-6ccv-8fgf-cjpw, GMS-2024-214
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t89y-c9hq-9bhk
25
url VCID-tpzm-u3qp-akc8
vulnerability_id VCID-tpzm-u3qp-akc8
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.6851
published_at 2026-06-05T12:55:00Z
1
value 0.00555
scoring_system epss
scoring_elements 0.68469
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-002
3
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
reference_id CVE-2020-13672
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
7
reference_url https://github.com/advisories/GHSA-3m36-mjwj-352c
reference_id GHSA-3m36-mjwj-352c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m36-mjwj-352c
fixed_packages
0
url pkg:composer/drupal/core@9.0.12
purl pkg:composer/drupal/core@9.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12
1
url pkg:composer/drupal/core@9.1.7
purl pkg:composer/drupal/core@9.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-pzp5-2bpz-jfe2
24
vulnerability VCID-qwge-qrwn-1faj
25
vulnerability VCID-rd4g-h1j9-23cb
26
vulnerability VCID-t89y-c9hq-9bhk
27
vulnerability VCID-xv4d-ped2-4udz
28
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7
aliases CVE-2020-13672, GHSA-3m36-mjwj-352c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpzm-u3qp-akc8
26
url VCID-uq9s-79g7-rqh6
vulnerability_id VCID-uq9s-79g7-rqh6
summary 
Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
CVE-2020-28948
CVE-2020-28949

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml
2
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
3
reference_url https://github.com/advisories/GHSA-gxxj-g9v8-w28p
reference_id GHSA-gxxj-g9v8-w28p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxxj-g9v8-w28p
fixed_packages
0
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-b266-wste-eqh6
10
vulnerability VCID-b8fw-ya7y-h7d8
11
vulnerability VCID-bge7-rqsx-gfee
12
vulnerability VCID-deks-ns51-nbdg
13
vulnerability VCID-dyhz-g3nv-yuc3
14
vulnerability VCID-egtv-y9w1-skgr
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
aliases GHSA-gxxj-g9v8-w28p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uq9s-79g7-rqh6
27
url VCID-wsv7-je8g-sqet
vulnerability_id VCID-wsv7-je8g-sqet
summary 
Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 0.04504
scoring_system epss
scoring_elements 0.89338
published_at 2026-06-05T12:55:00Z
1
value 0.04504
scoring_system epss
scoring_elements 0.8932
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
7
reference_url https://www.drupal.org/sa-core-2020-012
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://www.drupal.org/sa-core-2020-012
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
reference_id CVE-2020-13671
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
12
reference_url https://github.com/advisories/GHSA-68jc-v27h-vhmw
reference_id GHSA-68jc-v27h-vhmw
reference_type
scores
url https://github.com/advisories/GHSA-68jc-v27h-vhmw
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
14
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
15
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@9.0.8
purl pkg:composer/drupal/core@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-xv4d-ped2-4udz
28
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8
aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsv7-je8g-sqet
28
url VCID-xv4d-ped2-4udz
vulnerability_id VCID-xv4d-ped2-4udz
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
reference_id
reference_type
scores
0
value 0.11473
scoring_system epss
scoring_elements 0.93753
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
3
reference_url https://www.drupal.org/sa-core-2024-006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/
url https://www.drupal.org/sa-core-2024-006
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
reference_id CVE-2024-55636
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
5
reference_url https://github.com/advisories/GHSA-938f-5r4f-h65v
reference_id GHSA-938f-5r4f-h65v
reference_type
scores
url https://github.com/advisories/GHSA-938f-5r4f-h65v
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55636, GHSA-938f-5r4f-h65v
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv4d-ped2-4udz
29
url VCID-yq4q-hydz-vuga
vulnerability_id VCID-yq4q-hydz-vuga
summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33091
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/
url https://www.drupal.org/sa-core-2025-006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
reference_id CVE-2025-13081
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
4
reference_url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
reference_id GHSA-m6vv-vcj8-w8m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13081, GHSA-m6vv-vcj8-w8m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq4q-hydz-vuga
Fixing_vulnerabilities
0
url VCID-31qy-vagp-83b6
vulnerability_id VCID-31qy-vagp-83b6
summary 
Exposure of Resource to Wrong Sphere
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62662
published_at 2026-06-04T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62706
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
3
reference_url https://www.drupal.org/sa-core-2020-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-011
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
reference_id CVE-2020-13670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
7
reference_url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
reference_id GHSA-mmjr-5q74-p3m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13670, GHSA-mmjr-5q74-p3m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31qy-vagp-83b6
1
url VCID-9rmk-e8zd-9bcw
vulnerability_id VCID-9rmk-e8zd-9bcw
summary 
Incorrect Default Permissions
Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module does not sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13667
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34495
published_at 2026-06-05T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34397
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13667
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13667.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13667.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13667.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13667.yaml
4
reference_url https://www.drupal.org/sa-core-2020-008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-008
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13667
reference_id CVE-2020-13667
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13667
6
reference_url https://github.com/advisories/GHSA-x2q9-r8gm-f657
reference_id GHSA-x2q9-r8gm-f657
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2q9-r8gm-f657
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13667, GHSA-x2q9-r8gm-f657
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9rmk-e8zd-9bcw
2
url VCID-avmn-kqky-83dd
vulnerability_id VCID-avmn-kqky-83dd
summary 
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42349
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42424
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-010
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
reference_id CVE-2020-13669
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
6
reference_url https://github.com/advisories/GHSA-c533-c843-67h8
reference_id GHSA-c533-c843-67h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c533-c843-67h8
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13669, GHSA-c533-c843-67h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avmn-kqky-83dd
3
url VCID-nacy-y1qt-5yhb
vulnerability_id VCID-nacy-y1qt-5yhb
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44935
published_at 2026-06-04T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45004
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
3
reference_url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
4
reference_url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
5
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
reference_id CVE-2020-13668
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
9
reference_url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
reference_id GHSA-m6q5-wv4x-fv6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nacy-y1qt-5yhb
4
url VCID-sg4r-hncm-dqcq
vulnerability_id VCID-sg4r-hncm-dqcq
summary 
Cross-site Scripting
A cross-site scripting vulnerability exists in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13666
reference_id
reference_type
scores
0
value 0.00509
scoring_system epss
scoring_elements 0.66703
published_at 2026-06-04T12:55:00Z
1
value 0.00509
scoring_system epss
scoring_elements 0.66744
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13666
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml
4
reference_url https://www.drupal.org/sa-core-2020-007
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13666
reference_id CVE-2020-13666
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13666
6
reference_url https://github.com/advisories/GHSA-8jj2-x2gc-ggm7
reference_id GHSA-8jj2-x2gc-ggm7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jj2-x2gc-ggm7
fixed_packages
0
url pkg:composer/drupal/core@7.73.0
purl pkg:composer/drupal/core@7.73.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.73.0
1
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
2
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
3
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13666, GHSA-8jj2-x2gc-ggm7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg4r-hncm-dqcq
5
url VCID-zr84-4jzv-2fd3
vulnerability_id VCID-zr84-4jzv-2fd3
summary 
Cross-site Scripting
Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13688
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.56974
published_at 2026-06-04T12:55:00Z
1
value 0.0034
scoring_system epss
scoring_elements 0.57026
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13688
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13688
reference_id CVE-2020-13688
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13688
4
reference_url https://github.com/advisories/GHSA-qf2g-mrrx-rr5p
reference_id GHSA-qf2g-mrrx-rr5p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qf2g-mrrx-rr5p
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13688, GHSA-qf2g-mrrx-rr5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr84-4jzv-2fd3
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6