Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/drupal/drupal@6.20.0
purl pkg:composer/drupal/drupal@6.20.0
Tags Ghost
Next non-vulnerable version 10.2.11
Latest non-vulnerable version 11.0.8
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-8b29-85h4-zkhc
Aliases:
CVE-2011-2715
GHSA-hcq9-hmgf-6qr9
Drupal SQL Injection vulnerability An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
8.0.0
Affected by 77 other vulnerabilities.
VCID-t5xa-hsz5-mbh5
Aliases:
CVE-2011-2714
GHSA-qp8q-gwf5-hqh2
Drupal Cross-Site Scripting vulnerability A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
8.0.0
Affected by 77 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:36:18.593640+00:00 GitLab Importer Affected by VCID-t5xa-hsz5-mbh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2011-2714.yml 38.0.0
2026-04-02T12:36:18.521949+00:00 GitLab Importer Affected by VCID-8b29-85h4-zkhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2011-2715.yml 38.0.0