VulnerableCode Package Details - pkg:composer/drupal/core@11.1.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-g33x-1paw-7udm Aliases: CVE-2025-13081 GHSA-m6vv-vcj8-w8m7	Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.	11.1.9 Affected by 0 other vulnerabilities. 11.2.8 Affected by 0 other vulnerabilities.
VCID-hgb1-xrne-e7c8 Aliases: CVE-2025-13080 GHSA-83v7-c2cf-p9c2	Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.	11.1.9 Affected by 0 other vulnerabilities. 11.2.8 Affected by 0 other vulnerabilities.
VCID-hwnd-nuv7-jqbh Aliases: CVE-2025-13082 GHSA-h89p-5896-f4q8	User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.	11.1.9 Affected by 0 other vulnerabilities. 11.2.8 Affected by 0 other vulnerabilities.
VCID-syrg-ckq7-cbd6 Aliases: CVE-2025-13083 GHSA-mhpg-hpj5-73r2	Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.	11.1.9 Affected by 0 other vulnerabilities. 11.2.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-g33x-1paw-7udm
Aliases:
CVE-2025-13081
GHSA-m6vv-vcj8-w8m7

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

11.1.9
Affected by 0 other vulnerabilities.

11.2.8
Affected by 0 other vulnerabilities.

VCID-hgb1-xrne-e7c8
Aliases:
CVE-2025-13080
GHSA-83v7-c2cf-p9c2

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

11.1.9
Affected by 0 other vulnerabilities.

11.2.8
Affected by 0 other vulnerabilities.

VCID-hwnd-nuv7-jqbh
Aliases:
CVE-2025-13082
GHSA-h89p-5896-f4q8

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

11.1.9
Affected by 0 other vulnerabilities.

11.2.8
Affected by 0 other vulnerabilities.

VCID-syrg-ckq7-cbd6
Aliases:
CVE-2025-13083
GHSA-mhpg-hpj5-73r2

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.

11.1.9
Affected by 0 other vulnerabilities.

11.2.8
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ed6y-c9tz-mbds	Drupal Core Cross-Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.	CVE-2025-31675 GHSA-m4wj-hhwj-47qp

Vulnerability

Summary

Aliases

VCID-ed6y-c9tz-mbds

Drupal Core Cross-Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.

CVE-2025-31675
GHSA-m4wj-hhwj-47qp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T01:14:07.890528+00:00	GitLab Importer	Affected by	VCID-g33x-1paw-7udm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml	38.3.0
2026-04-12T01:14:05.486293+00:00	GitLab Importer	Affected by	VCID-syrg-ckq7-cbd6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml	38.3.0
2026-04-12T01:14:02.711898+00:00	GitLab Importer	Affected by	VCID-hgb1-xrne-e7c8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml	38.3.0
2026-04-12T01:13:59.534873+00:00	GitLab Importer	Affected by	VCID-hwnd-nuv7-jqbh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml	38.3.0
2026-04-12T00:44:50.567751+00:00	GitLab Importer	Fixing	VCID-ed6y-c9tz-mbds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	38.3.0
2026-04-07T14:17:24.427772+00:00	GithubOSV Importer	Fixing	VCID-ed6y-c9tz-mbds	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-m4wj-hhwj-47qp/GHSA-m4wj-hhwj-47qp.json	38.1.0
2026-04-07T04:57:27.081750+00:00	GHSA Importer	Fixing	VCID-ed6y-c9tz-mbds	https://github.com/advisories/GHSA-m4wj-hhwj-47qp	38.1.0
2026-04-03T01:23:05.343037+00:00	GitLab Importer	Affected by	VCID-g33x-1paw-7udm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml	38.1.0
2026-04-03T01:23:03.033459+00:00	GitLab Importer	Affected by	VCID-syrg-ckq7-cbd6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml	38.1.0
2026-04-03T01:23:00.352409+00:00	GitLab Importer	Affected by	VCID-hgb1-xrne-e7c8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml	38.1.0
2026-04-03T01:22:57.086522+00:00	GitLab Importer	Affected by	VCID-hwnd-nuv7-jqbh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml	38.1.0
2026-04-03T00:52:58.475576+00:00	GitLab Importer	Fixing	VCID-ed6y-c9tz-mbds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	38.1.0
2026-04-02T12:41:10.970243+00:00	GitLab Importer	Fixing	VCID-ed6y-c9tz-mbds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	38.0.0
2026-04-01T12:54:55.247167+00:00	GithubOSV Importer	Fixing	VCID-ed6y-c9tz-mbds	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-m4wj-hhwj-47qp/GHSA-m4wj-hhwj-47qp.json	38.0.0