Search for packages
| purl | pkg:composer/drupal/core@6.37.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9wt5-xe6d-n3cb
Aliases: CVE-2016-3164 GHSA-836p-6p4j-35cg |
Open redirect via path manipulation Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-tk6t-srar-h7a8
Aliases: CVE-2016-3165 GHSA-4gh5-3hqj-x3pj |
Improper Access Control The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has `#access` set to `FALSE` in the server-side form definition. |
Affected by 0 other vulnerabilities. Affected by 95 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-we42-mkyk-hfer
Aliases: CVE-2016-3169 GHSA-q3p9-8728-wq7x |
Saving user accounts can sometimes grant the user all roles The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 95 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:02.378435+00:00 | GitLab Importer | Affected by | VCID-9wt5-xe6d-n3cb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2016-3164.yml | 38.0.0 |
| 2026-04-01T12:47:02.202076+00:00 | GitLab Importer | Affected by | VCID-tk6t-srar-h7a8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2016-3165.yml | 38.0.0 |
| 2026-04-01T12:47:02.044465+00:00 | GitLab Importer | Affected by | VCID-we42-mkyk-hfer | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2016-3169.yml | 38.0.0 |