Search for packages
| purl | pkg:composer/drupal/core@7.40.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9wt5-xe6d-n3cb
Aliases: CVE-2016-3164 GHSA-836p-6p4j-35cg |
Open redirect via path manipulation Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation. |
Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-kwe1-gm4m-tkgf
Aliases: CVE-2016-9451 GHSA-66gr-xrcf-8jpq |
URL Redirection to Untrusted Site (Open Redirect) Confirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. |
Affected by 0 other vulnerabilities. Affected by 95 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 72 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-we42-mkyk-hfer
Aliases: CVE-2016-3169 GHSA-q3p9-8728-wq7x |
Saving user accounts can sometimes grant the user all roles The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array. |
Affected by 0 other vulnerabilities. Affected by 95 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:07.182822+00:00 | GitLab Importer | Affected by | VCID-kwe1-gm4m-tkgf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2016-9451.yml | 38.0.0 |
| 2026-04-01T12:47:02.384625+00:00 | GitLab Importer | Affected by | VCID-9wt5-xe6d-n3cb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2016-3164.yml | 38.0.0 |
| 2026-04-01T12:47:02.050586+00:00 | GitLab Importer | Affected by | VCID-we42-mkyk-hfer | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2016-3169.yml | 38.0.0 |