Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/drupal/core@10.2.0-alpha1
purl pkg:composer/drupal/core@10.2.0-alpha1
Next non-vulnerable version 10.4.9
Latest non-vulnerable version 11.2.8
Risk
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-13ef-6vth-nugg
Aliases:
CVE-2025-13081
GHSA-m6vv-vcj8-w8m7
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-1jvt-6dac-7qc5
Aliases:
CVE-2025-13082
GHSA-h89p-5896-f4q8
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-63my-dg24-t3dj
Aliases:
CVE-2024-12393
GHSA-8mvq-8h2v-j9vf
10.2.11
Affected by 8 other vulnerabilities.
10.3.9
Affected by 8 other vulnerabilities.
11.0.8
Affected by 8 other vulnerabilities.
VCID-7d6n-s61h-z3gz
Aliases:
CVE-2024-55636
GHSA-938f-5r4f-h65v
10.2.11
Affected by 8 other vulnerabilities.
10.3.9
Affected by 8 other vulnerabilities.
11.0.8
Affected by 8 other vulnerabilities.
VCID-94kk-wy2f-6ue4
Aliases:
CVE-2024-11942
GHSA-52jr-x6h6-xj6g
10.2.10
Affected by 13 other vulnerabilities.
VCID-9bsd-gqyd-cuh5
Aliases:
CVE-2025-13083
GHSA-mhpg-hpj5-73r2
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-ddmy-kcmb-s7g7
Aliases:
CVE-2024-55638
GHSA-gvf2-2f4g-jqf4
10.2.11
Affected by 8 other vulnerabilities.
10.3.9
Affected by 8 other vulnerabilities.
VCID-mhcb-rdtq-sufx
Aliases:
CVE-2025-31674
GHSA-2qph-q8xw-gv7q
10.3.13
Affected by 5 other vulnerabilities.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-nf33-22v1-r3fj
Aliases:
CVE-2024-55637
GHSA-w6rx-9g2x-mg5g
10.2.11
Affected by 8 other vulnerabilities.
10.3.9
Affected by 8 other vulnerabilities.
11.0.8
Affected by 8 other vulnerabilities.
VCID-pyqg-gfn8-vqag
Aliases:
CVE-2025-3057
GHSA-39g6-x4x8-5jcm
10.3.13
Affected by 5 other vulnerabilities.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-qwwz-5n8j-9ben
Aliases:
CVE-2025-31675
GHSA-m4wj-hhwj-47qp
10.3.14
Affected by 4 other vulnerabilities.
10.4.5
Affected by 4 other vulnerabilities.
11.0.13
Affected by 4 other vulnerabilities.
11.1.5
Affected by 4 other vulnerabilities.
VCID-sbnt-qndd-xubz
Aliases:
CVE-2024-45440
GHSA-mg8j-w93w-xjgc
10.2.9
Affected by 14 other vulnerabilities.
10.3.0-beta1
Affected by 8 other vulnerabilities.
10.3.6
Affected by 13 other vulnerabilities.
11.0.0-alpha1
Affected by 0 other vulnerabilities.
11.0.5
Affected by 12 other vulnerabilities.
VCID-yb9a-1mp4-1kcz
Aliases:
CVE-2025-31673
GHSA-wpp8-fjgf-pwc7
10.3.13
Affected by 5 other vulnerabilities.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-z833-upr5-4ug5
Aliases:
CVE-2025-13080
GHSA-83v7-c2cf-p9c2
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-zhxf-bmyy-wff6
Aliases:
CVE-2024-55634
GHSA-7cwc-fjqm-8vh8
10.2.11
Affected by 8 other vulnerabilities.
10.3.9
Affected by 8 other vulnerabilities.
11.0.8
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T09:09:59.485551+00:00 GitLab Importer Affected by VCID-13ef-6vth-nugg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml 38.6.0
2026-06-01T09:09:56.602890+00:00 GitLab Importer Affected by VCID-9bsd-gqyd-cuh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml 38.6.0
2026-06-01T09:09:53.460806+00:00 GitLab Importer Affected by VCID-z833-upr5-4ug5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml 38.6.0
2026-06-01T09:09:49.972613+00:00 GitLab Importer Affected by VCID-1jvt-6dac-7qc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml 38.6.0
2026-06-01T08:37:23.962443+00:00 GitLab Importer Affected by VCID-mhcb-rdtq-sufx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml 38.6.0
2026-06-01T08:37:19.247060+00:00 GitLab Importer Affected by VCID-pyqg-gfn8-vqag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml 38.6.0
2026-06-01T08:37:16.145393+00:00 GitLab Importer Affected by VCID-qwwz-5n8j-9ben https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml 38.6.0
2026-06-01T08:37:14.131999+00:00 GitLab Importer Affected by VCID-yb9a-1mp4-1kcz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml 38.6.0
2026-06-01T08:26:17.440567+00:00 GitLab Importer Affected by VCID-63my-dg24-t3dj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-12393.yml 38.6.0
2026-06-01T08:26:09.367047+00:00 GitLab Importer Affected by VCID-nf33-22v1-r3fj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-55637.yml 38.6.0
2026-06-01T08:26:06.319606+00:00 GitLab Importer Affected by VCID-ddmy-kcmb-s7g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-55638.yml 38.6.0
2026-06-01T08:26:00.325394+00:00 GitLab Importer Affected by VCID-zhxf-bmyy-wff6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-55634.yml 38.6.0
2026-06-01T08:25:56.786166+00:00 GitLab Importer Affected by VCID-7d6n-s61h-z3gz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-55636.yml 38.6.0
2026-06-01T08:25:38.429959+00:00 GitLab Importer Affected by VCID-94kk-wy2f-6ue4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-11942.yml 38.6.0
2026-06-01T08:13:32.049952+00:00 GitLab Importer Affected by VCID-sbnt-qndd-xubz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml 38.6.0