Search for packages
| purl | pkg:composer/drupal/core@11.2.11 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-mb8x-dcy7-5udu | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7. |
CVE-2026-6366
GHSA-xmjc-63pr-2mpg |
| VCID-saqq-4efb-affy | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7. |
CVE-2026-6365
GHSA-f3cj-mjqm-fhvj |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T07:52:02.405113+00:00 | GithubOSV Importer | Fixing | VCID-mb8x-dcy7-5udu | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-xmjc-63pr-2mpg/GHSA-xmjc-63pr-2mpg.json | 38.6.0 |
| 2026-06-12T07:51:52.143913+00:00 | GithubOSV Importer | Fixing | VCID-saqq-4efb-affy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-f3cj-mjqm-fhvj/GHSA-f3cj-mjqm-fhvj.json | 38.6.0 |
| 2026-06-11T20:38:47.139457+00:00 | GHSA Importer | Fixing | VCID-mb8x-dcy7-5udu | https://github.com/advisories/GHSA-xmjc-63pr-2mpg | 38.6.0 |
| 2026-06-11T20:38:47.047907+00:00 | GHSA Importer | Fixing | VCID-saqq-4efb-affy | https://github.com/advisories/GHSA-f3cj-mjqm-fhvj | 38.6.0 |