Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/drupal/core@11.1.0-rc1
purl pkg:composer/drupal/core@11.1.0-rc1
Next non-vulnerable version 11.1.9
Latest non-vulnerable version 11.2.8
Risk 3.1
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-g33x-1paw-7udm
Aliases:
CVE-2025-13081
GHSA-m6vv-vcj8-w8m7
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-hgb1-xrne-e7c8
Aliases:
CVE-2025-13080
GHSA-83v7-c2cf-p9c2
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-hwnd-nuv7-jqbh
Aliases:
CVE-2025-13082
GHSA-h89p-5896-f4q8
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-syrg-ckq7-cbd6
Aliases:
CVE-2025-13083
GHSA-mhpg-hpj5-73r2
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-12T01:14:07.868335+00:00 GitLab Importer Affected by VCID-g33x-1paw-7udm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml 38.3.0
2026-04-12T01:14:05.464228+00:00 GitLab Importer Affected by VCID-syrg-ckq7-cbd6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml 38.3.0
2026-04-12T01:14:02.687196+00:00 GitLab Importer Affected by VCID-hgb1-xrne-e7c8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml 38.3.0
2026-04-12T01:13:59.511350+00:00 GitLab Importer Affected by VCID-hwnd-nuv7-jqbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml 38.3.0
2026-04-03T01:23:05.321236+00:00 GitLab Importer Affected by VCID-g33x-1paw-7udm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml 38.1.0
2026-04-03T01:23:03.011335+00:00 GitLab Importer Affected by VCID-syrg-ckq7-cbd6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml 38.1.0
2026-04-03T01:23:00.330201+00:00 GitLab Importer Affected by VCID-hgb1-xrne-e7c8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml 38.1.0
2026-04-03T01:22:57.064670+00:00 GitLab Importer Affected by VCID-hwnd-nuv7-jqbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml 38.1.0