VulnerableCode Package Details - pkg:composer/drupal/core@9.1.0-alpha1

Search for packages

Vulnerability	Summary	Fixed by
VCID-5qvn-f9d3-kygg Aliases: CVE-2022-39261 GHSA-52m2-vc4m-jj33		9.4.0-alpha1 Affected by 0 other vulnerabilities. 9.5.0-beta1 Affected by 0 other vulnerabilities.
VCID-b2x6-54c3-jqa2 Aliases: CVE-2022-24775 GHSA-q7rv-6hp3-vh96	Improper Input Validation guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.	10.0.0-alpha1 Affected by 0 other vulnerabilities. 9.3.0-alpha1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 9.2.16 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.3.9 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-5qvn-f9d3-kygg
Aliases:
CVE-2022-39261
GHSA-52m2-vc4m-jj33

9.4.0-alpha1
Affected by 0 other vulnerabilities.

9.5.0-beta1
Affected by 0 other vulnerabilities.

VCID-b2x6-54c3-jqa2
Aliases:
CVE-2022-24775
GHSA-q7rv-6hp3-vh96

Improper Input Validation guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.

10.0.0-alpha1
Affected by 0 other vulnerabilities.

9.3.0-alpha1
Affected by 1 other vulnerability.

9.2.16
Affected by 2 other vulnerabilities.

9.3.9
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-gaay-gs4k-5fba		CVE-2020-28949 GHSA-75c5-f4gw-38r9
VCID-swh1-rvuw-jqfx		CVE-2020-28948 GHSA-jh5x-hfhg-78jq
VCID-ze3s-89wm-2kg2	multiple issues	CVE-2020-36193 GHSA-rpw6-9xfx-jvcx

Vulnerability

Summary

Aliases

VCID-gaay-gs4k-5fba

CVE-2020-28949
GHSA-75c5-f4gw-38r9

VCID-swh1-rvuw-jqfx

CVE-2020-28948
GHSA-jh5x-hfhg-78jq

VCID-ze3s-89wm-2kg2

multiple issues

CVE-2020-36193
GHSA-rpw6-9xfx-jvcx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T07:05:46.376536+00:00	GitLab Importer	Affected by	VCID-5qvn-f9d3-kygg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2022-39261.yml	38.6.0
2026-06-01T06:33:48.410105+00:00	GitLab Importer	Affected by	VCID-b2x6-54c3-jqa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2022-24775.yml	38.6.0
2026-06-01T06:00:52.122211+00:00	GitLab Importer	Fixing	VCID-ze3s-89wm-2kg2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-36193.yml	38.6.0
2026-06-01T05:59:04.431485+00:00	GitLab Importer	Fixing	VCID-gaay-gs4k-5fba	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-28949.yml	38.6.0
2026-06-01T05:59:02.812561+00:00	GitLab Importer	Fixing	VCID-swh1-rvuw-jqfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2020-28948.yml	38.6.0