VulnerableCode Package Details - pkg:composer/drupal/core@8.6.0-alpha1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/drupal/core@8.6.0-alpha1

Essentials
History (9)

purl	pkg:composer/drupal/core@8.6.0-alpha1

Next non-vulnerable version	8.6.16
Latest non-vulnerable version	11.2.8
Risk	4.5

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-163u-tpj9-skc5 Aliases: GMS-2019-147	Cross-site Scripting vulnerability in drupal.	8.6.12 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-1jfe-j1fz-juec Aliases: GMS-2018-54	URL Redirection to Untrusted Site ('Open Redirect') Anonymous Open Redirect in drupal.	8.6.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-757r-nv73-gfhg Aliases: GMS-2018-55	Code Injection Injection in `DefaultMailSystem::mail()`.	8.6.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7qhc-n6hc-ukbu Aliases: CVE-2019-11831 GHSA-xv7v-rf6g-xwrc	Moderately critical - Third-party libraries - SA-CORE-2019-007 The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.	8.6.16 Affected by 0 other vulnerabilities. 8.7.1 Affected by 0 other vulnerabilities.
VCID-j545-f44v-w3cn Aliases: CVE-2019-6339 GHSA-8cw5-rv98-5c46	Improper Input Validation A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.	8.6.6 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nfzm-eyht-kkb1 Aliases: GMS-2018-52	Improper Access Control in drupal.	8.6.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-re2h-u5bk-wqbw Aliases: GMS-2018-53	URL Redirection to Untrusted Site ('Open Redirect') External URL injection through URL aliases in drupal.	8.6.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vby4-6r8z-6qgy Aliases: GMS-2018-56	Improper Access Control In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.	8.6.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yy7m-f66v-fbhz Aliases: CVE-2019-6338 GHSA-6rmq-x2hv-vxpp	Deserialization of Untrusted Data Drupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.	8.6.6 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T09:56:15.038654+00:00	GitLab Importer	Affected by	VCID-7qhc-n6hc-ukbu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2019-11831.yml	38.6.0
2026-05-31T09:54:49.553650+00:00	GitLab Importer	Affected by	VCID-163u-tpj9-skc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2019-147.yml	38.6.0
2026-05-31T09:53:12.759671+00:00	GitLab Importer	Affected by	VCID-j545-f44v-w3cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2019-6339.yml	38.6.0
2026-05-31T09:53:12.156440+00:00	GitLab Importer	Affected by	VCID-yy7m-f66v-fbhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2019-6338.yml	38.6.0
2026-05-31T09:51:24.238433+00:00	GitLab Importer	Affected by	VCID-757r-nv73-gfhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2018-55.yml	38.6.0
2026-05-31T09:51:18.509454+00:00	GitLab Importer	Affected by	VCID-nfzm-eyht-kkb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2018-52.yml	38.6.0
2026-05-31T09:51:17.604582+00:00	GitLab Importer	Affected by	VCID-1jfe-j1fz-juec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2018-54.yml	38.6.0
2026-05-31T09:51:11.328755+00:00	GitLab Importer	Affected by	VCID-re2h-u5bk-wqbw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2018-53.yml	38.6.0
2026-05-31T09:51:08.915249+00:00	GitLab Importer	Affected by	VCID-vby4-6r8z-6qgy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2018-56.yml	38.6.0