Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/drupal/core@8.7.0-alpha1
purl pkg:composer/drupal/core@8.7.0-alpha1
Next non-vulnerable version 10.4.9
Latest non-vulnerable version 11.3.7
Risk 4.0
Vulnerabilities affecting this package (35)
Vulnerability Summary Fixed by
VCID-2c5f-q858-huaw
Aliases:
CVE-2025-31674
GHSA-2qph-q8xw-gv7q
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
10.3.13
Affected by 5 other vulnerabilities.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-2fas-m6vh-myhc
Aliases:
CVE-2020-13677
GHSA-3xr3-phjp-g6p2
multiple issues
8.9.19
Affected by 23 other vulnerabilities.
9.1.13
Affected by 24 other vulnerabilities.
9.2.6
Affected by 27 other vulnerabilities.
VCID-2t34-82p3-73c3
Aliases:
CVE-2020-13676
GHSA-qfhg-m6r8-xxpj
multiple issues
8.9.19
Affected by 23 other vulnerabilities.
9.1.13
Affected by 24 other vulnerabilities.
9.2.6
Affected by 27 other vulnerabilities.
VCID-31qy-vagp-83b6
Aliases:
CVE-2020-13670
GHSA-mmjr-5q74-p3m4
Exposure of Resource to Wrong Sphere Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
8.8.10
Affected by 33 other vulnerabilities.
8.9.6
Affected by 34 other vulnerabilities.
9.0.6
Affected by 30 other vulnerabilities.
VCID-3pj1-y73r-vyhh
Aliases:
GHSA-7gwj-7fhm-vw4w
Drupal core unrestricted file upload Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file. After this fix, file_save_upload() now trims leading and trailing dots from filenames.
8.7.11
Affected by 35 other vulnerabilities.
8.8.1
Affected by 46 other vulnerabilities.
VCID-3xk4-qwaq-5yaj
Aliases:
CVE-2022-25278
GHSA-cfh2-7f6h-3m85
Improper Access Control Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
9.3.19
Affected by 18 other vulnerabilities.
9.4.3
Affected by 18 other vulnerabilities.
VCID-4p4c-7rdc-37fa
Aliases:
CVE-2024-45440
GHSA-mg8j-w93w-xjgc
Drupal Full Path Disclosure `core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
10.2.9
Affected by 14 other vulnerabilities.
10.3.0-beta1
Affected by 8 other vulnerabilities.
10.3.6
Affected by 13 other vulnerabilities.
11.0.0-alpha1
Affected by 0 other vulnerabilities.
11.0.5
Affected by 12 other vulnerabilities.
VCID-4q59-j6u4-qfhk
Aliases:
GHSA-mh4h-27gq-cxwj
Drupal core Access bypass The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations. Solution: If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11. If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1. Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage. Alternatively, you may mitigate this vulnerability by unchecking the "Enable advanced UI" checkbox on `/admin/config/media/media-library`. (This mitigation is not available in 8.7.x.)
8.7.11
Affected by 35 other vulnerabilities.
8.8.1
Affected by 46 other vulnerabilities.
VCID-5jy9-mhbb-nuh7
Aliases:
CVE-2020-28948
GHSA-jh5x-hfhg-78jq
Deserialization of Untrusted Data Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
8.9.10
Affected by 30 other vulnerabilities.
9.0.0-alpha1
Affected by 23 other vulnerabilities.
9.0.9
Affected by 26 other vulnerabilities.
9.1.0-alpha1
Affected by 24 other vulnerabilities.
VCID-67w7-gq9f-ukf1
Aliases:
GHSA-pr99-c33p-fwf6
Drupal core Denial of Service A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
8.7.11
Affected by 35 other vulnerabilities.
8.8.1
Affected by 46 other vulnerabilities.
VCID-6s93-1cpz-yyg8
Aliases:
GHSA-v273-j5hq-26xp
Drupal core uses a vulnerable Third-party library CKEditor The Drupal project uses the third-party library [CKEditor](https://github.com/ckeditor/ckeditor4), which has released a [security improvement](https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed) that is needed to protect some Drupal configurations. Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access. The latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities.
8.7.12
Affected by 33 other vulnerabilities.
8.8.4
Affected by 44 other vulnerabilities.
VCID-7v89-2sss-hfaz
Aliases:
CVE-2020-13674
GHSA-j586-cj67-vg4p
multiple issues
8.9.19
Affected by 23 other vulnerabilities.
9.1.13
Affected by 24 other vulnerabilities.
9.2.6
Affected by 27 other vulnerabilities.
VCID-a3s2-c4k2-4ufn
Aliases:
CVE-2025-13083
GHSA-mhpg-hpj5-73r2
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-a7ss-tkb6-gkge
Aliases:
CVE-2022-25275
GHSA-xh3v-6f9j-wxw3
GMS-2022-3362
Improper access control In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
9.3.19
Affected by 18 other vulnerabilities.
9.4.3
Affected by 18 other vulnerabilities.
VCID-ard5-3cjv-1beu
Aliases:
CVE-2022-24775
GHSA-q7rv-6hp3-vh96
Improper Input Validation guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
9.2.16
Affected by 24 other vulnerabilities.
9.3.0-alpha1
Affected by 22 other vulnerabilities.
9.3.9
Affected by 25 other vulnerabilities.
10.0.0-alpha1
Affected by 15 other vulnerabilities.
VCID-avmn-kqky-83dd
Aliases:
CVE-2020-13669
GHSA-c533-c843-67h8
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
8.8.10
Affected by 33 other vulnerabilities.
8.9.6
Affected by 34 other vulnerabilities.
9.0.6
Affected by 30 other vulnerabilities.
VCID-b8fw-ya7y-h7d8
Aliases:
CVE-2025-3057
GHSA-39g6-x4x8-5jcm
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
10.3.13
Affected by 5 other vulnerabilities.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-ckvk-xm4a-2qey
Aliases:
GHSA-98h9-727m-44qv
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar The Drupal project uses the third-party library [Archive_Tar](https://pear.php.net/package/Archive_Tar/), which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.
8.7.11
Affected by 35 other vulnerabilities.
8.8.1
Affected by 46 other vulnerabilities.
VCID-dav9-pgdh-8yey
Aliases:
CVE-2020-13675
GHSA-v8wr-r69p-mmwx
multiple issues
8.9.19
Affected by 23 other vulnerabilities.
9.1.13
Affected by 24 other vulnerabilities.
9.2.6
Affected by 27 other vulnerabilities.
VCID-deks-ns51-nbdg
Aliases:
CVE-2025-31673
GHSA-wpp8-fjgf-pwc7
Drupal Core Vulnerable to Forceful Browsing Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
10.3.13
Affected by 5 other vulnerabilities.
10.4.3
Affected by 5 other vulnerabilities.
11.0.12
Affected by 5 other vulnerabilities.
11.1.3
Affected by 5 other vulnerabilities.
VCID-dyhz-g3nv-yuc3
Aliases:
CVE-2022-25276
GHSA-4wfq-jc9h-vpcx
Lack of domain validation in Druple core The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
9.3.19
Affected by 18 other vulnerabilities.
9.4.3
Affected by 18 other vulnerabilities.
VCID-egtv-y9w1-skgr
Aliases:
CVE-2022-25273
GHSA-g36h-4jr6-qmm9
Improper Input Validation Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
9.2.18
Affected by 23 other vulnerabilities.
9.3.12
Affected by 23 other vulnerabilities.
VCID-hay8-hvsq-33bm
Aliases:
CVE-2025-31675
GHSA-m4wj-hhwj-47qp
Drupal Core Cross-Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
10.3.14
Affected by 4 other vulnerabilities.
10.4.5
Affected by 4 other vulnerabilities.
11.0.13
Affected by 4 other vulnerabilities.
11.1.5
Affected by 4 other vulnerabilities.
VCID-hkch-a5yn-jyg1
Aliases:
CVE-2022-39261
GHSA-52m2-vc4m-jj33
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
9.3.22
Affected by 17 other vulnerabilities.
9.4.0-alpha1
Affected by 17 other vulnerabilities.
9.4.7
Affected by 17 other vulnerabilities.
9.5.0-beta1
Affected by 16 other vulnerabilities.
VCID-j7bj-atys-qfg3
Aliases:
CVE-2024-55634
GHSA-7cwc-fjqm-8vh8
Drupal core Access bypass Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
10.2.11
Affected by 8 other vulnerabilities.
10.3.9
Affected by 8 other vulnerabilities.
11.0.8
Affected by 8 other vulnerabilities.
VCID-kzrs-mrga-nyej
Aliases:
CVE-2025-13082
GHSA-h89p-5896-f4q8
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-nacy-y1qt-5yhb
Aliases:
CVE-2020-13668
GHSA-m6q5-wv4x-fv6h
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
8.8.10
Affected by 33 other vulnerabilities.
8.9.6
Affected by 34 other vulnerabilities.
9.0.6
Affected by 30 other vulnerabilities.
VCID-p54u-b18k-jyft
Aliases:
CVE-2025-13080
GHSA-83v7-c2cf-p9c2
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
VCID-pzp5-2bpz-jfe2
Aliases:
GHSA-vfgc-c76h-mwh4
Drupal core Cross-Site Scripting (XSS) vulnerabilities The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
8.9.18
Affected by 27 other vulnerabilities.
9.1.12
Affected by 28 other vulnerabilities.
9.2.4
Affected by 31 other vulnerabilities.
VCID-rd4g-h1j9-23cb
Aliases:
CVE-2022-25277
GHSA-6955-67hm-vjjq
GMS-2022-3361
Unrestricted Upload of File with Dangerous Type Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
9.3.19
Affected by 18 other vulnerabilities.
9.4.3
Affected by 18 other vulnerabilities.
VCID-t89y-c9hq-9bhk
Aliases:
GHSA-6ccv-8fgf-cjpw
GMS-2024-214
Drupal core Denial of Service vulnerability The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected.
10.1.8
Affected by 15 other vulnerabilities.
10.2.2
Affected by 15 other vulnerabilities.
VCID-tpzm-u3qp-akc8
Aliases:
CVE-2020-13672
GHSA-3m36-mjwj-352c
multiple issues
8.9.14
Affected by 28 other vulnerabilities.
9.0.12
Affected by 24 other vulnerabilities.
9.1.7
Affected by 29 other vulnerabilities.
VCID-uq9s-79g7-rqh6
Aliases:
GHSA-gxxj-g9v8-w28p
Drupal core Arbitrary PHP code execution The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them. To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.
8.8.12
Affected by 29 other vulnerabilities.
8.9.10
Affected by 30 other vulnerabilities.
9.0.9
Affected by 26 other vulnerabilities.
VCID-wsv7-je8g-sqet
Aliases:
CVE-2020-13671
GHSA-68jc-v27h-vhmw
Drupal core Unrestricted Upload of File with Dangerous Type Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
8.8.11
Affected by 32 other vulnerabilities.
8.9.9
Affected by 33 other vulnerabilities.
9.0.8
Affected by 29 other vulnerabilities.
VCID-yq4q-hydz-vuga
Aliases:
CVE-2025-13081
GHSA-m6vv-vcj8-w8m7
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
10.4.9
Affected by 0 other vulnerabilities.
10.5.6
Affected by 0 other vulnerabilities.
11.1.9
Affected by 0 other vulnerabilities.
11.2.8
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T06:20:26.366325+00:00 GitLab Importer Affected by VCID-yq4q-hydz-vuga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13081.yml 38.6.0
2026-06-06T06:20:23.175944+00:00 GitLab Importer Affected by VCID-a3s2-c4k2-4ufn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13083.yml 38.6.0
2026-06-06T06:20:19.895400+00:00 GitLab Importer Affected by VCID-p54u-b18k-jyft https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13080.yml 38.6.0
2026-06-06T06:20:15.956227+00:00 GitLab Importer Affected by VCID-kzrs-mrga-nyej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-13082.yml 38.6.0
2026-06-06T05:45:32.568896+00:00 GitLab Importer Affected by VCID-2c5f-q858-huaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml 38.6.0
2026-06-06T05:45:27.387130+00:00 GitLab Importer Affected by VCID-b8fw-ya7y-h7d8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml 38.6.0
2026-06-06T05:45:23.106092+00:00 GitLab Importer Affected by VCID-hay8-hvsq-33bm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml 38.6.0
2026-06-06T05:45:20.703413+00:00 GitLab Importer Affected by VCID-deks-ns51-nbdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml 38.6.0
2026-06-06T05:34:08.224305+00:00 GitLab Importer Affected by VCID-j7bj-atys-qfg3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-55634.yml 38.6.0
2026-06-06T05:20:45.920126+00:00 GitLab Importer Affected by VCID-4p4c-7rdc-37fa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml 38.6.0
2026-06-06T04:55:39.686900+00:00 GitLab Importer Affected by VCID-3pj1-y73r-vyhh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-7gwj-7fhm-vw4w.yml 38.6.0
2026-06-06T04:55:31.342832+00:00 GitLab Importer Affected by VCID-uq9s-79g7-rqh6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-gxxj-g9v8-w28p.yml 38.6.0
2026-06-06T04:55:25.026675+00:00 GitLab Importer Affected by VCID-ckvk-xm4a-2qey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-98h9-727m-44qv.yml 38.6.0
2026-06-06T04:54:44.618176+00:00 GitLab Importer Affected by VCID-67w7-gq9f-ukf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-pr99-c33p-fwf6.yml 38.6.0
2026-06-06T04:54:39.984733+00:00 GitLab Importer Affected by VCID-pzp5-2bpz-jfe2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-vfgc-c76h-mwh4.yml 38.6.0
2026-06-06T04:54:16.261412+00:00 GitLab Importer Affected by VCID-4q59-j6u4-qfhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-mh4h-27gq-cxwj.yml 38.6.0
2026-06-06T04:54:02.962778+00:00 GitLab Importer Affected by VCID-6s93-1cpz-yyg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-v273-j5hq-26xp.yml 38.6.0
2026-06-06T04:36:43.424365+00:00 GitLab Importer Affected by VCID-t89y-c9hq-9bhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2024-214.yml 38.6.0
2026-06-06T03:43:01.001979+00:00 GitLab Importer Affected by VCID-egtv-y9w1-skgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2022-25273.yml 38.6.0
2026-06-06T03:42:58.817453+00:00 GitLab Importer Affected by VCID-rd4g-h1j9-23cb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2022-3361.yml 38.6.0
2026-06-06T03:42:56.207368+00:00 GitLab Importer Affected by VCID-a7ss-tkb6-gkge https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GMS-2022-3362.yml 38.6.0
2026-06-06T03:42:38.405189+00:00 GitLab Importer Affected by VCID-3xk4-qwaq-5yaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2022-25278.yml 38.6.0
2026-06-06T03:42:33.843988+00:00 GitLab Importer Affected by VCID-dyhz-g3nv-yuc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2022-25276.yml 38.6.0
2026-06-06T03:00:57.973540+00:00 GitLab Importer Affected by VCID-hkch-a5yn-jyg1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2022-39261.yml 38.6.0
2026-06-06T01:37:14.148270+00:00 GitLab Importer Affected by VCID-ard5-3cjv-1beu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2022-24775.yml 38.6.0
2026-06-06T01:29:37.115160+00:00 GitLab Importer Affected by VCID-dav9-pgdh-8yey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13675.yml 38.6.0
2026-06-06T01:29:34.384422+00:00 GitLab Importer Affected by VCID-7v89-2sss-hfaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13674.yml 38.6.0
2026-06-06T01:29:31.982183+00:00 GitLab Importer Affected by VCID-nacy-y1qt-5yhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13668.yml 38.6.0
2026-06-06T01:29:29.641299+00:00 GitLab Importer Affected by VCID-avmn-kqky-83dd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13669.yml 38.6.0
2026-06-06T01:29:27.158855+00:00 GitLab Importer Affected by VCID-tpzm-u3qp-akc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13672.yml 38.6.0
2026-06-06T01:29:22.307953+00:00 GitLab Importer Affected by VCID-2fas-m6vh-myhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13677.yml 38.6.0
2026-06-06T01:29:19.454538+00:00 GitLab Importer Affected by VCID-31qy-vagp-83b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13670.yml 38.6.0
2026-06-06T01:29:12.024567+00:00 GitLab Importer Affected by VCID-2t34-82p3-73c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13676.yml 38.6.0
2026-06-06T01:02:40.194276+00:00 GitLab Importer Affected by VCID-wsv7-je8g-sqet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-13671.yml 38.6.0
2026-06-04T20:41:33.561747+00:00 GitLab Importer Affected by VCID-5jy9-mhbb-nuh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-28948.yml 38.6.0