Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@11.0.0
Typecomposer
Namespacedrupal
Namecore
Version11.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version11.1.9
Latest_non_vulnerable_version11.2.8
Affected_by_vulnerabilities
0
url VCID-1nf6-3q5b-gqfm
vulnerability_id VCID-1nf6-3q5b-gqfm
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
reference_id
reference_type
scores
0
value 0.08785
scoring_system epss
scoring_elements 0.92495
published_at 2026-04-04T12:55:00Z
1
value 0.08785
scoring_system epss
scoring_elements 0.92534
published_at 2026-04-21T12:55:00Z
2
value 0.08785
scoring_system epss
scoring_elements 0.92531
published_at 2026-04-18T12:55:00Z
3
value 0.08785
scoring_system epss
scoring_elements 0.92532
published_at 2026-04-16T12:55:00Z
4
value 0.08785
scoring_system epss
scoring_elements 0.92522
published_at 2026-04-12T12:55:00Z
5
value 0.08785
scoring_system epss
scoring_elements 0.92521
published_at 2026-04-13T12:55:00Z
6
value 0.08785
scoring_system epss
scoring_elements 0.92514
published_at 2026-04-09T12:55:00Z
7
value 0.08785
scoring_system epss
scoring_elements 0.9251
published_at 2026-04-08T12:55:00Z
8
value 0.08785
scoring_system epss
scoring_elements 0.92498
published_at 2026-04-07T12:55:00Z
9
value 0.08785
scoring_system epss
scoring_elements 0.92486
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55636
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55636
4
reference_url https://www.drupal.org/sa-core-2024-006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/
url https://www.drupal.org/sa-core-2024-006
5
reference_url https://github.com/advisories/GHSA-938f-5r4f-h65v
reference_id GHSA-938f-5r4f-h65v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-938f-5r4f-h65v
fixed_packages
0
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55636, GHSA-938f-5r4f-h65v
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nf6-3q5b-gqfm
1
url VCID-2s8m-ujzb-skd1
vulnerability_id VCID-2s8m-ujzb-skd1
summary 
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to `unserialize()`. There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a `TypeError`.

This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
reference_id
reference_type
scores
0
value 0.07606
scoring_system epss
scoring_elements 0.9183
published_at 2026-04-04T12:55:00Z
1
value 0.07606
scoring_system epss
scoring_elements 0.91871
published_at 2026-04-21T12:55:00Z
2
value 0.07606
scoring_system epss
scoring_elements 0.91872
published_at 2026-04-18T12:55:00Z
3
value 0.07606
scoring_system epss
scoring_elements 0.91876
published_at 2026-04-16T12:55:00Z
4
value 0.07606
scoring_system epss
scoring_elements 0.9186
published_at 2026-04-12T12:55:00Z
5
value 0.07606
scoring_system epss
scoring_elements 0.91856
published_at 2026-04-13T12:55:00Z
6
value 0.07606
scoring_system epss
scoring_elements 0.91851
published_at 2026-04-08T12:55:00Z
7
value 0.07606
scoring_system epss
scoring_elements 0.91838
published_at 2026-04-07T12:55:00Z
8
value 0.07606
scoring_system epss
scoring_elements 0.91823
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55637
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55637
4
reference_url https://www.drupal.org/sa-core-2024-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/
url https://www.drupal.org/sa-core-2024-007
5
reference_url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
reference_id GHSA-w6rx-9g2x-mg5g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w6rx-9g2x-mg5g
fixed_packages
0
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55637, GHSA-w6rx-9g2x-mg5g
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s8m-ujzb-skd1
2
url VCID-ed6y-c9tz-mbds
vulnerability_id VCID-ed6y-c9tz-mbds
summary 
Drupal Core Cross-Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25593
published_at 2026-04-21T12:55:00Z
1
value 0.00232
scoring_system epss
scoring_elements 0.46026
published_at 2026-04-18T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.4603
published_at 2026-04-16T12:55:00Z
3
value 0.00232
scoring_system epss
scoring_elements 0.45968
published_at 2026-04-12T12:55:00Z
4
value 0.00232
scoring_system epss
scoring_elements 0.45996
published_at 2026-04-11T12:55:00Z
5
value 0.00232
scoring_system epss
scoring_elements 0.45975
published_at 2026-04-13T12:55:00Z
6
value 0.00232
scoring_system epss
scoring_elements 0.45919
published_at 2026-04-07T12:55:00Z
7
value 0.00232
scoring_system epss
scoring_elements 0.45972
published_at 2026-04-09T12:55:00Z
8
value 0.00272
scoring_system epss
scoring_elements 0.50622
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
3
reference_url https://www.drupal.org/sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.drupal.org/sa-core-2025-004
4
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
reference_id cve-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
5
reference_url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
reference_id GHSA-m4wj-hhwj-47qp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
6
reference_url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_id link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
fixed_packages
0
url pkg:composer/drupal/core@11.0.13
purl pkg:composer/drupal/core@11.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g33x-1paw-7udm
1
vulnerability VCID-hgb1-xrne-e7c8
2
vulnerability VCID-hwnd-nuv7-jqbh
3
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13
1
url pkg:composer/drupal/core@11.1.5
purl pkg:composer/drupal/core@11.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g33x-1paw-7udm
1
vulnerability VCID-hgb1-xrne-e7c8
2
vulnerability VCID-hwnd-nuv7-jqbh
3
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5
aliases CVE-2025-31675, GHSA-m4wj-hhwj-47qp
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed6y-c9tz-mbds
3
url VCID-g33x-1paw-7udm
vulnerability_id VCID-g33x-1paw-7udm
summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.2821
published_at 2026-04-21T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.28256
published_at 2026-04-18T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29415
published_at 2026-04-13T12:55:00Z
3
value 0.0011
scoring_system epss
scoring_elements 0.29435
published_at 2026-04-16T12:55:00Z
4
value 0.0011
scoring_system epss
scoring_elements 0.29511
published_at 2026-04-11T12:55:00Z
5
value 0.0011
scoring_system epss
scoring_elements 0.29467
published_at 2026-04-12T12:55:00Z
6
value 0.00199
scoring_system epss
scoring_elements 0.41909
published_at 2026-04-07T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.41971
published_at 2026-04-09T12:55:00Z
8
value 0.00199
scoring_system epss
scoring_elements 0.41983
published_at 2026-04-04T12:55:00Z
9
value 0.00199
scoring_system epss
scoring_elements 0.41959
published_at 2026-04-08T12:55:00Z
10
value 0.00199
scoring_system epss
scoring_elements 0.41955
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/
url https://www.drupal.org/sa-core-2025-006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
reference_id CVE-2025-13081
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
4
reference_url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
reference_id GHSA-m6vv-vcj8-w8m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
fixed_packages
0
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
1
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13081, GHSA-m6vv-vcj8-w8m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g33x-1paw-7udm
4
url VCID-hgb1-xrne-e7c8
vulnerability_id VCID-hgb1-xrne-e7c8
summary Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23304
published_at 2026-04-21T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23321
published_at 2026-04-18T12:55:00Z
2
value 0.00082
scoring_system epss
scoring_elements 0.24067
published_at 2026-04-11T12:55:00Z
3
value 0.00082
scoring_system epss
scoring_elements 0.23978
published_at 2026-04-16T12:55:00Z
4
value 0.00082
scoring_system epss
scoring_elements 0.23969
published_at 2026-04-13T12:55:00Z
5
value 0.00082
scoring_system epss
scoring_elements 0.24025
published_at 2026-04-12T12:55:00Z
6
value 0.00102
scoring_system epss
scoring_elements 0.28224
published_at 2026-04-04T12:55:00Z
7
value 0.00102
scoring_system epss
scoring_elements 0.28181
published_at 2026-04-02T12:55:00Z
8
value 0.00102
scoring_system epss
scoring_elements 0.28019
published_at 2026-04-07T12:55:00Z
9
value 0.00102
scoring_system epss
scoring_elements 0.28086
published_at 2026-04-08T12:55:00Z
10
value 0.00102
scoring_system epss
scoring_elements 0.28129
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/
url https://www.drupal.org/sa-core-2025-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
reference_id CVE-2025-13080
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
4
reference_url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
reference_id GHSA-83v7-c2cf-p9c2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
fixed_packages
0
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
1
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13080, GHSA-83v7-c2cf-p9c2
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgb1-xrne-e7c8
5
url VCID-hwnd-nuv7-jqbh
vulnerability_id VCID-hwnd-nuv7-jqbh
summary User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11111
published_at 2026-04-21T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.10973
published_at 2026-04-18T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11666
published_at 2026-04-11T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11465
published_at 2026-04-16T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11603
published_at 2026-04-13T12:55:00Z
5
value 0.00039
scoring_system epss
scoring_elements 0.1163
published_at 2026-04-12T12:55:00Z
6
value 0.00073
scoring_system epss
scoring_elements 0.2234
published_at 2026-04-04T12:55:00Z
7
value 0.00073
scoring_system epss
scoring_elements 0.22297
published_at 2026-04-02T12:55:00Z
8
value 0.00073
scoring_system epss
scoring_elements 0.22125
published_at 2026-04-07T12:55:00Z
9
value 0.00073
scoring_system epss
scoring_elements 0.22208
published_at 2026-04-08T12:55:00Z
10
value 0.00073
scoring_system epss
scoring_elements 0.22263
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/
url https://www.drupal.org/sa-core-2025-007
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
reference_id CVE-2025-13082
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
4
reference_url https://github.com/advisories/GHSA-h89p-5896-f4q8
reference_id GHSA-h89p-5896-f4q8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h89p-5896-f4q8
fixed_packages
0
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
1
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13082, GHSA-h89p-5896-f4q8
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwnd-nuv7-jqbh
6
url VCID-j21d-w3g7-cbcg
vulnerability_id VCID-j21d-w3g7-cbcg
summary 
Drupal Core Vulnerable to Forceful Browsing
Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39185
published_at 2026-04-21T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39281
published_at 2026-04-02T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39304
published_at 2026-04-04T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39223
published_at 2026-04-07T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39278
published_at 2026-04-08T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39294
published_at 2026-04-09T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39306
published_at 2026-04-11T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39268
published_at 2026-04-12T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.39249
published_at 2026-04-13T12:55:00Z
9
value 0.00177
scoring_system epss
scoring_elements 0.39302
published_at 2026-04-16T12:55:00Z
10
value 0.00177
scoring_system epss
scoring_elements 0.39273
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
3
reference_url https://www.drupal.org/sa-core-2025-002
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/
url https://www.drupal.org/sa-core-2025-002
4
reference_url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
reference_id GHSA-wpp8-fjgf-pwc7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
fixed_packages
0
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
1
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31673, GHSA-wpp8-fjgf-pwc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j21d-w3g7-cbcg
7
url VCID-kam1-84p4-qych
vulnerability_id VCID-kam1-84p4-qych
summary 
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
reference_id
reference_type
scores
0
value 0.00845
scoring_system epss
scoring_elements 0.74744
published_at 2026-04-07T12:55:00Z
1
value 0.00845
scoring_system epss
scoring_elements 0.74818
published_at 2026-04-21T12:55:00Z
2
value 0.00845
scoring_system epss
scoring_elements 0.74828
published_at 2026-04-18T12:55:00Z
3
value 0.00845
scoring_system epss
scoring_elements 0.7482
published_at 2026-04-16T12:55:00Z
4
value 0.00845
scoring_system epss
scoring_elements 0.74785
published_at 2026-04-13T12:55:00Z
5
value 0.00845
scoring_system epss
scoring_elements 0.74794
published_at 2026-04-12T12:55:00Z
6
value 0.00845
scoring_system epss
scoring_elements 0.74743
published_at 2026-04-02T12:55:00Z
7
value 0.00845
scoring_system epss
scoring_elements 0.74815
published_at 2026-04-11T12:55:00Z
8
value 0.00845
scoring_system epss
scoring_elements 0.74791
published_at 2026-04-09T12:55:00Z
9
value 0.00845
scoring_system epss
scoring_elements 0.7477
published_at 2026-04-04T12:55:00Z
10
value 0.00845
scoring_system epss
scoring_elements 0.74777
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
3
reference_url https://www.drupal.org/sa-core-2025-003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/
url https://www.drupal.org/sa-core-2025-003
4
reference_url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
reference_id GHSA-2qph-q8xw-gv7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
fixed_packages
0
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
1
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31674, GHSA-2qph-q8xw-gv7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kam1-84p4-qych
8
url VCID-q4qx-7s1y-q3hc
vulnerability_id VCID-q4qx-7s1y-q3hc
summary 
Drupal Core Cross-Site Scripting (XSS)
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
reference_id
reference_type
scores
0
value 0.01889
scoring_system epss
scoring_elements 0.83165
published_at 2026-04-08T12:55:00Z
1
value 0.01889
scoring_system epss
scoring_elements 0.83219
published_at 2026-04-21T12:55:00Z
2
value 0.01889
scoring_system epss
scoring_elements 0.83217
published_at 2026-04-18T12:55:00Z
3
value 0.01889
scoring_system epss
scoring_elements 0.83179
published_at 2026-04-13T12:55:00Z
4
value 0.01889
scoring_system epss
scoring_elements 0.83183
published_at 2026-04-12T12:55:00Z
5
value 0.01889
scoring_system epss
scoring_elements 0.83189
published_at 2026-04-11T12:55:00Z
6
value 0.01889
scoring_system epss
scoring_elements 0.83129
published_at 2026-04-02T12:55:00Z
7
value 0.01889
scoring_system epss
scoring_elements 0.83142
published_at 2026-04-04T12:55:00Z
8
value 0.01889
scoring_system epss
scoring_elements 0.83141
published_at 2026-04-07T12:55:00Z
9
value 0.01889
scoring_system epss
scoring_elements 0.83173
published_at 2026-04-09T12:55:00Z
10
value 0.01889
scoring_system epss
scoring_elements 0.83216
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12393
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12393
4
reference_url https://www.drupal.org/sa-core-2024-003
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/
url https://www.drupal.org/sa-core-2024-003
5
reference_url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
reference_id GHSA-8mvq-8h2v-j9vf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mvq-8h2v-j9vf
fixed_packages
0
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-12393, GHSA-8mvq-8h2v-j9vf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4qx-7s1y-q3hc
9
url VCID-syrg-ckq7-cbd6
vulnerability_id VCID-syrg-ckq7-cbd6
summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01041
published_at 2026-04-13T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01045
published_at 2026-04-11T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01035
published_at 2026-04-16T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.0469
published_at 2026-04-07T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04655
published_at 2026-04-02T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04677
published_at 2026-04-04T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04736
published_at 2026-04-09T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04724
published_at 2026-04-08T12:55:00Z
8
value 9e-05
scoring_system epss
scoring_elements 0.01022
published_at 2026-04-21T12:55:00Z
9
value 9e-05
scoring_system epss
scoring_elements 0.00966
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-008
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/
url https://www.drupal.org/sa-core-2025-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
reference_id CVE-2025-13083
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
4
reference_url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
reference_id GHSA-mhpg-hpj5-73r2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
fixed_packages
0
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
1
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13083, GHSA-mhpg-hpj5-73r2
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syrg-ckq7-cbd6
10
url VCID-u4w3-usvb-jyf6
vulnerability_id VCID-u4w3-usvb-jyf6
summary 
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
reference_id
reference_type
scores
0
value 0.86443
scoring_system epss
scoring_elements 0.99404
published_at 2026-04-02T12:55:00Z
1
value 0.86443
scoring_system epss
scoring_elements 0.99405
published_at 2026-04-04T12:55:00Z
2
value 0.87227
scoring_system epss
scoring_elements 0.99452
published_at 2026-04-18T12:55:00Z
3
value 0.87227
scoring_system epss
scoring_elements 0.99449
published_at 2026-04-13T12:55:00Z
4
value 0.87227
scoring_system epss
scoring_elements 0.99448
published_at 2026-04-11T12:55:00Z
5
value 0.87227
scoring_system epss
scoring_elements 0.99445
published_at 2026-04-07T12:55:00Z
6
value 0.87227
scoring_system epss
scoring_elements 0.99447
published_at 2026-04-09T12:55:00Z
7
value 0.87227
scoring_system epss
scoring_elements 0.99453
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/github/advisory-database/pull/4827
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4827
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
4
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://senscybersecurity.nl/CVE-2024-45440-Explained
5
reference_url https://www.drupal.org/project/drupal/issues/3457781
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://www.drupal.org/project/drupal/issues/3457781
6
reference_url https://www.drupal.org/project/drupal/releases/10.2.9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.2.9
7
reference_url https://www.drupal.org/project/drupal/releases/10.3.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.3.6
8
reference_url https://www.drupal.org/project/drupal/releases/11.0.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/11.0.5
9
reference_url https://www.exploit-db.com/exploits/52266
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52266
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id CVE-2024-45440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
11
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained/
reference_id CVE-2024-45440-Explained
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://senscybersecurity.nl/CVE-2024-45440-Explained/
12
reference_url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
reference_id GHSA-mg8j-w93w-xjgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
fixed_packages
0
url pkg:composer/drupal/core@11.0.5
purl pkg:composer/drupal/core@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nf6-3q5b-gqfm
1
vulnerability VCID-2s8m-ujzb-skd1
2
vulnerability VCID-ed6y-c9tz-mbds
3
vulnerability VCID-g33x-1paw-7udm
4
vulnerability VCID-hgb1-xrne-e7c8
5
vulnerability VCID-hwnd-nuv7-jqbh
6
vulnerability VCID-j21d-w3g7-cbcg
7
vulnerability VCID-kam1-84p4-qych
8
vulnerability VCID-q4qx-7s1y-q3hc
9
vulnerability VCID-syrg-ckq7-cbd6
10
vulnerability VCID-vevm-4sfk-f7gq
11
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5
aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4w3-usvb-jyf6
11
url VCID-vevm-4sfk-f7gq
vulnerability_id VCID-vevm-4sfk-f7gq
summary 
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
reference_id
reference_type
scores
0
value 0.00848
scoring_system epss
scoring_elements 0.74881
published_at 2026-04-21T12:55:00Z
1
value 0.00848
scoring_system epss
scoring_elements 0.74805
published_at 2026-04-02T12:55:00Z
2
value 0.00848
scoring_system epss
scoring_elements 0.74833
published_at 2026-04-04T12:55:00Z
3
value 0.00848
scoring_system epss
scoring_elements 0.74806
published_at 2026-04-07T12:55:00Z
4
value 0.00848
scoring_system epss
scoring_elements 0.74839
published_at 2026-04-08T12:55:00Z
5
value 0.00848
scoring_system epss
scoring_elements 0.74853
published_at 2026-04-09T12:55:00Z
6
value 0.00848
scoring_system epss
scoring_elements 0.74877
published_at 2026-04-11T12:55:00Z
7
value 0.00848
scoring_system epss
scoring_elements 0.74856
published_at 2026-04-12T12:55:00Z
8
value 0.00848
scoring_system epss
scoring_elements 0.74846
published_at 2026-04-13T12:55:00Z
9
value 0.00848
scoring_system epss
scoring_elements 0.74883
published_at 2026-04-16T12:55:00Z
10
value 0.00848
scoring_system epss
scoring_elements 0.7489
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
4
reference_url https://www.drupal.org/sa-core-2024-004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/
url https://www.drupal.org/sa-core-2024-004
5
reference_url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
reference_id GHSA-7cwc-fjqm-8vh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
fixed_packages
0
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-j21d-w3g7-cbcg
5
vulnerability VCID-kam1-84p4-qych
6
vulnerability VCID-syrg-ckq7-cbd6
7
vulnerability VCID-vrdx-165p-efda
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vevm-4sfk-f7gq
12
url VCID-vrdx-165p-efda
vulnerability_id VCID-vrdx-165p-efda
summary 
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.6107
published_at 2026-04-08T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61106
published_at 2026-04-21T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61123
published_at 2026-04-18T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61116
published_at 2026-04-16T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.61074
published_at 2026-04-13T12:55:00Z
5
value 0.00406
scoring_system epss
scoring_elements 0.61093
published_at 2026-04-12T12:55:00Z
6
value 0.00406
scoring_system epss
scoring_elements 0.61028
published_at 2026-04-02T12:55:00Z
7
value 0.00406
scoring_system epss
scoring_elements 0.61107
published_at 2026-04-11T12:55:00Z
8
value 0.00406
scoring_system epss
scoring_elements 0.61056
published_at 2026-04-04T12:55:00Z
9
value 0.00406
scoring_system epss
scoring_elements 0.61086
published_at 2026-04-09T12:55:00Z
10
value 0.00406
scoring_system epss
scoring_elements 0.61022
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
3
reference_url https://www.drupal.org/sa-core-2025-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/
url https://www.drupal.org/sa-core-2025-001
4
reference_url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
reference_id GHSA-39g6-x4x8-5jcm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
fixed_packages
0
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
1
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ed6y-c9tz-mbds
1
vulnerability VCID-g33x-1paw-7udm
2
vulnerability VCID-hgb1-xrne-e7c8
3
vulnerability VCID-hwnd-nuv7-jqbh
4
vulnerability VCID-syrg-ckq7-cbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-3057, GHSA-39g6-x4x8-5jcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrdx-165p-efda
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0