VulnerableCode Package Details - pkg:composer/drupal/core@11.3.7

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-29f2-xku4-b7cs	Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.0 before 11.3.7.	CVE-2026-6367 GHSA-pw6f-3999-xp7g
VCID-mb8x-dcy7-5udu	Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7.	CVE-2026-6366 GHSA-xmjc-63pr-2mpg
VCID-saqq-4efb-affy	Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7.	CVE-2026-6365 GHSA-f3cj-mjqm-fhvj

Vulnerability

Summary

Aliases

VCID-29f2-xku4-b7cs

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.0 before 11.3.7.

CVE-2026-6367
GHSA-pw6f-3999-xp7g

VCID-mb8x-dcy7-5udu

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7.

CVE-2026-6366
GHSA-xmjc-63pr-2mpg

VCID-saqq-4efb-affy

CVE-2026-6365
GHSA-f3cj-mjqm-fhvj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T07:52:02.415512+00:00	GithubOSV Importer	Fixing	VCID-mb8x-dcy7-5udu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-xmjc-63pr-2mpg/GHSA-xmjc-63pr-2mpg.json	38.6.0
2026-06-12T07:51:58.437432+00:00	GithubOSV Importer	Fixing	VCID-29f2-xku4-b7cs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-pw6f-3999-xp7g/GHSA-pw6f-3999-xp7g.json	38.6.0
2026-06-12T07:51:52.156209+00:00	GithubOSV Importer	Fixing	VCID-saqq-4efb-affy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-f3cj-mjqm-fhvj/GHSA-f3cj-mjqm-fhvj.json	38.6.0
2026-06-11T20:38:47.121597+00:00	GHSA Importer	Fixing	VCID-29f2-xku4-b7cs	https://github.com/advisories/GHSA-pw6f-3999-xp7g	38.6.0
2026-06-11T20:38:47.075537+00:00	GHSA Importer	Fixing	VCID-mb8x-dcy7-5udu	https://github.com/advisories/GHSA-xmjc-63pr-2mpg	38.6.0
2026-06-11T20:38:47.015118+00:00	GHSA Importer	Fixing	VCID-saqq-4efb-affy	https://github.com/advisories/GHSA-f3cj-mjqm-fhvj	38.6.0