Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/drupal/core@10.4.2
purl pkg:composer/drupal/core@10.4.2
Next non-vulnerable version 10.4.9
Latest non-vulnerable version 11.2.8
Risk 3.1
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-ed6y-c9tz-mbds
Aliases:
CVE-2025-31675
GHSA-m4wj-hhwj-47qp
Drupal Core Cross-Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
10.4.5
Affected by 4 other vulnerabilities.
11.0.13
Affected by 4 other vulnerabilities.
11.1.5
Affected by 4 other vulnerabilities.
VCID-g33x-1paw-7udm
Aliases:
CVE-2025-13081
GHSA-m6vv-vcj8-w8m7
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-hgb1-xrne-e7c8
Aliases:
CVE-2025-13080
GHSA-83v7-c2cf-p9c2
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-hwnd-nuv7-jqbh
Aliases:
CVE-2025-13082
GHSA-h89p-5896-f4q8
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-j21d-w3g7-cbcg
Aliases:
CVE-2025-31673
GHSA-wpp8-fjgf-pwc7
Drupal Core Vulnerable to Forceful Browsing Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-kam1-84p4-qych
Aliases:
CVE-2025-31674
GHSA-2qph-q8xw-gv7q
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-syrg-ckq7-cbd6
Aliases:
CVE-2025-13083
GHSA-mhpg-hpj5-73r2
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-vrdx-165p-efda
Aliases:
CVE-2025-3057
GHSA-39g6-x4x8-5jcm
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-12T01:14:07.734143+00:00 GitLab Importer Affected by VCID-g33x-1paw-7udm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml 38.3.0
2026-04-12T01:14:05.333620+00:00 GitLab Importer Affected by VCID-syrg-ckq7-cbd6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml 38.3.0
2026-04-12T01:14:02.537015+00:00 GitLab Importer Affected by VCID-hgb1-xrne-e7c8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml 38.3.0
2026-04-12T01:13:59.369458+00:00 GitLab Importer Affected by VCID-hwnd-nuv7-jqbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml 38.3.0
2026-04-12T00:44:57.369956+00:00 GitLab Importer Affected by VCID-kam1-84p4-qych https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml 38.3.0
2026-04-12T00:44:53.336728+00:00 GitLab Importer Affected by VCID-vrdx-165p-efda https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml 38.3.0
2026-04-12T00:44:50.453470+00:00 GitLab Importer Affected by VCID-ed6y-c9tz-mbds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml 38.3.0
2026-04-12T00:44:48.718602+00:00 GitLab Importer Affected by VCID-j21d-w3g7-cbcg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml 38.3.0
2026-04-03T01:23:05.190218+00:00 GitLab Importer Affected by VCID-g33x-1paw-7udm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml 38.1.0
2026-04-03T01:23:02.882204+00:00 GitLab Importer Affected by VCID-syrg-ckq7-cbd6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml 38.1.0
2026-04-03T01:23:00.200905+00:00 GitLab Importer Affected by VCID-hgb1-xrne-e7c8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml 38.1.0
2026-04-03T01:22:56.928636+00:00 GitLab Importer Affected by VCID-hwnd-nuv7-jqbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml 38.1.0
2026-04-03T00:52:58.370651+00:00 GitLab Importer Affected by VCID-ed6y-c9tz-mbds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml 38.1.0
2026-04-03T00:52:52.437343+00:00 GitLab Importer Affected by VCID-kam1-84p4-qych https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml 38.1.0
2026-04-03T00:52:48.574214+00:00 GitLab Importer Affected by VCID-vrdx-165p-efda https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml 38.1.0
2026-04-03T00:52:45.904649+00:00 GitLab Importer Affected by VCID-j21d-w3g7-cbcg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml 38.1.0