Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/drupal@8.0-alpha12
Typecomposer
Namespacedrupal
Namedrupal
Version8.0-alpha12
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.2.11
Latest_non_vulnerable_version11.0.8
Affected_by_vulnerabilities
0
url VCID-3hf4-tvxn-zyh4
vulnerability_id VCID-3hf4-tvxn-zyh4
summary 
Files uploaded by anonymous users accessed by other users
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6922
reference_id
reference_type
scores
0
value 0.01788
scoring_system epss
scoring_elements 0.82674
published_at 2026-04-01T12:55:00Z
1
value 0.01788
scoring_system epss
scoring_elements 0.8274
published_at 2026-04-13T12:55:00Z
2
value 0.01788
scoring_system epss
scoring_elements 0.82744
published_at 2026-04-12T12:55:00Z
3
value 0.01788
scoring_system epss
scoring_elements 0.82749
published_at 2026-04-11T12:55:00Z
4
value 0.01788
scoring_system epss
scoring_elements 0.82732
published_at 2026-04-09T12:55:00Z
5
value 0.01788
scoring_system epss
scoring_elements 0.82726
published_at 2026-04-08T12:55:00Z
6
value 0.01788
scoring_system epss
scoring_elements 0.827
published_at 2026-04-07T12:55:00Z
7
value 0.01788
scoring_system epss
scoring_elements 0.82704
published_at 2026-04-04T12:55:00Z
8
value 0.01788
scoring_system epss
scoring_elements 0.8269
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6922
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6922
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6922
6
reference_url https://www.debian.org/security/2017/dsa-3897
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-3897
7
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
8
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
9
reference_url http://www.securityfocus.com/bid/99219
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99219
10
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
14
reference_url https://github.com/advisories/GHSA-58f3-cx8p-h8jg
reference_id GHSA-58f3-cx8p-h8jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58f3-cx8p-h8jg
fixed_packages
0
url pkg:composer/drupal/drupal@8.3.4
purl pkg:composer/drupal/drupal@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-48ut-ykkc-83fx
3
vulnerability VCID-4aer-46u2-23f6
4
vulnerability VCID-565p-mgqe-gkfc
5
vulnerability VCID-5tqs-qmqn-gug5
6
vulnerability VCID-636u-5bdw-puh4
7
vulnerability VCID-6ck5-9e5b-w3ay
8
vulnerability VCID-6m8x-cfzp-tkf4
9
vulnerability VCID-8nda-kjr2-ufd4
10
vulnerability VCID-9f24-vqyt-r7dq
11
vulnerability VCID-9vdz-1jpq-kue3
12
vulnerability VCID-bbzr-hbhv-yyee
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-g1rp-twzp-63e1
17
vulnerability VCID-ga35-289v-vqhr
18
vulnerability VCID-gzcu-sbks-wyfa
19
vulnerability VCID-jfq8-xxwa-mkd1
20
vulnerability VCID-jnu7-1j9c-dqck
21
vulnerability VCID-k1gx-nznx-7qd6
22
vulnerability VCID-kh51-g4cv-tqaw
23
vulnerability VCID-mapb-hsvc-2khc
24
vulnerability VCID-n119-gta2-kfg1
25
vulnerability VCID-n7un-zgqv-jfef
26
vulnerability VCID-nc36-atc6-yua6
27
vulnerability VCID-nd8n-5dsu-2fbp
28
vulnerability VCID-pk74-yy1n-8qck
29
vulnerability VCID-r8pv-9upr-y7gd
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-rr4q-f5cv-nkah
32
vulnerability VCID-s9kv-9qfu-gbdq
33
vulnerability VCID-t84c-8r34-57b9
34
vulnerability VCID-ty3y-k9t2-qyba
35
vulnerability VCID-u1xx-aazv-bkg5
36
vulnerability VCID-u4w3-usvb-jyf6
37
vulnerability VCID-uqcw-p8g2-cfd2
38
vulnerability VCID-utyg-huhu-2ucq
39
vulnerability VCID-vevm-4sfk-f7gq
40
vulnerability VCID-vq5y-hdw3-nucj
41
vulnerability VCID-w3q4-838v-97ck
42
vulnerability VCID-wbuz-qcp3-43aq
43
vulnerability VCID-wbvy-zrtk-audw
44
vulnerability VCID-ww44-hb2y-mfd5
45
vulnerability VCID-wwvq-399y-rfhc
46
vulnerability VCID-yare-57j9-j7cs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4
aliases CVE-2017-6922, GHSA-58f3-cx8p-h8jg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hf4-tvxn-zyh4
1
url VCID-48ut-ykkc-83fx
vulnerability_id VCID-48ut-ykkc-83fx
summary 
Comment reply form allows access to restricted content
Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6926
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58547
published_at 2026-04-13T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58437
published_at 2026-04-01T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58522
published_at 2026-04-02T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58542
published_at 2026-04-04T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58512
published_at 2026-04-07T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58564
published_at 2026-04-08T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58571
published_at 2026-04-09T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58587
published_at 2026-04-11T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58567
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6926
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6926
6
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
7
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
8
reference_url https://github.com/advisories/GHSA-2p28-5mvp-2j2r
reference_id GHSA-2p28-5mvp-2j2r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2p28-5mvp-2j2r
fixed_packages
0
url pkg:composer/drupal/drupal@8.4.5
purl pkg:composer/drupal/drupal@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-4aer-46u2-23f6
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5tqs-qmqn-gug5
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-8nda-kjr2-ufd4
9
vulnerability VCID-9vdz-1jpq-kue3
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-c9dm-17vt-4bbc
12
vulnerability VCID-cucx-jfqf-pkd1
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ga35-289v-vqhr
15
vulnerability VCID-gzcu-sbks-wyfa
16
vulnerability VCID-jfq8-xxwa-mkd1
17
vulnerability VCID-k1gx-nznx-7qd6
18
vulnerability VCID-kh51-g4cv-tqaw
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n119-gta2-kfg1
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-nc36-atc6-yua6
23
vulnerability VCID-nd8n-5dsu-2fbp
24
vulnerability VCID-pk74-yy1n-8qck
25
vulnerability VCID-r8pv-9upr-y7gd
26
vulnerability VCID-rhj7-dy7q-jkhw
27
vulnerability VCID-rr4q-f5cv-nkah
28
vulnerability VCID-t84c-8r34-57b9
29
vulnerability VCID-ty3y-k9t2-qyba
30
vulnerability VCID-u1xx-aazv-bkg5
31
vulnerability VCID-u4w3-usvb-jyf6
32
vulnerability VCID-uqcw-p8g2-cfd2
33
vulnerability VCID-utyg-huhu-2ucq
34
vulnerability VCID-vevm-4sfk-f7gq
35
vulnerability VCID-vq5y-hdw3-nucj
36
vulnerability VCID-w3q4-838v-97ck
37
vulnerability VCID-wbuz-qcp3-43aq
38
vulnerability VCID-wbvy-zrtk-audw
39
vulnerability VCID-ww44-hb2y-mfd5
40
vulnerability VCID-wwvq-399y-rfhc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5
aliases CVE-2017-6926, GHSA-2p28-5mvp-2j2r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48ut-ykkc-83fx
2
url VCID-4wwt-vt76-dbe1
vulnerability_id VCID-4wwt-vt76-dbe1
summary 
Cross-site Scripting in HTTP exceptions
An attacker can create a specially crafted url, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7571
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.6002
published_at 2026-04-02T12:55:00Z
1
value 0.0039
scoring_system epss
scoring_elements 0.60045
published_at 2026-04-04T12:55:00Z
2
value 0.0039
scoring_system epss
scoring_elements 0.59943
published_at 2026-04-01T12:55:00Z
3
value 0.0039
scoring_system epss
scoring_elements 0.60068
published_at 2026-04-13T12:55:00Z
4
value 0.0039
scoring_system epss
scoring_elements 0.60085
published_at 2026-04-12T12:55:00Z
5
value 0.0039
scoring_system epss
scoring_elements 0.601
published_at 2026-04-11T12:55:00Z
6
value 0.0039
scoring_system epss
scoring_elements 0.60079
published_at 2026-04-09T12:55:00Z
7
value 0.0039
scoring_system epss
scoring_elements 0.60065
published_at 2026-04-08T12:55:00Z
8
value 0.0039
scoring_system epss
scoring_elements 0.60015
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7571
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7571
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7571
5
reference_url https://www.drupal.org/SA-CORE-2016-004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-004
6
reference_url http://www.securityfocus.com/bid/93101
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/93101
7
reference_url http://www.securitytracker.com/id/1036886
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1036886
8
reference_url https://github.com/advisories/GHSA-vhg8-x858-7wq6
reference_id GHSA-vhg8-x858-7wq6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vhg8-x858-7wq6
fixed_packages
0
url pkg:composer/drupal/drupal@8.1.10
purl pkg:composer/drupal/drupal@8.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1922-fwnz-wkbt
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-3fka-y25d-m7a3
3
vulnerability VCID-3hf4-tvxn-zyh4
4
vulnerability VCID-48ut-ykkc-83fx
5
vulnerability VCID-4aer-46u2-23f6
6
vulnerability VCID-565p-mgqe-gkfc
7
vulnerability VCID-5tqs-qmqn-gug5
8
vulnerability VCID-636u-5bdw-puh4
9
vulnerability VCID-6ck5-9e5b-w3ay
10
vulnerability VCID-6m8x-cfzp-tkf4
11
vulnerability VCID-8nda-kjr2-ufd4
12
vulnerability VCID-9f24-vqyt-r7dq
13
vulnerability VCID-9vdz-1jpq-kue3
14
vulnerability VCID-bbzr-hbhv-yyee
15
vulnerability VCID-c9dm-17vt-4bbc
16
vulnerability VCID-cucx-jfqf-pkd1
17
vulnerability VCID-d4qd-ut89-gbf4
18
vulnerability VCID-dgjq-y5zj-cud1
19
vulnerability VCID-fm5k-u7s6-wfhb
20
vulnerability VCID-g1rp-twzp-63e1
21
vulnerability VCID-ga35-289v-vqhr
22
vulnerability VCID-gzcu-sbks-wyfa
23
vulnerability VCID-hzr8-ttbu-ebhg
24
vulnerability VCID-jfq8-xxwa-mkd1
25
vulnerability VCID-jnu7-1j9c-dqck
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kh51-g4cv-tqaw
28
vulnerability VCID-krhy-kg1b-rfbk
29
vulnerability VCID-mapb-hsvc-2khc
30
vulnerability VCID-n119-gta2-kfg1
31
vulnerability VCID-n7un-zgqv-jfef
32
vulnerability VCID-nc36-atc6-yua6
33
vulnerability VCID-nd8n-5dsu-2fbp
34
vulnerability VCID-pk74-yy1n-8qck
35
vulnerability VCID-r8pv-9upr-y7gd
36
vulnerability VCID-rhj7-dy7q-jkhw
37
vulnerability VCID-rr4q-f5cv-nkah
38
vulnerability VCID-s9kv-9qfu-gbdq
39
vulnerability VCID-sktb-khbq-cuaq
40
vulnerability VCID-t84c-8r34-57b9
41
vulnerability VCID-ty3y-k9t2-qyba
42
vulnerability VCID-u1xx-aazv-bkg5
43
vulnerability VCID-u4w3-usvb-jyf6
44
vulnerability VCID-uqcw-p8g2-cfd2
45
vulnerability VCID-utyg-huhu-2ucq
46
vulnerability VCID-vevm-4sfk-f7gq
47
vulnerability VCID-vq5y-hdw3-nucj
48
vulnerability VCID-vy1y-zkf3-4ue4
49
vulnerability VCID-w3q4-838v-97ck
50
vulnerability VCID-wbuz-qcp3-43aq
51
vulnerability VCID-wbvy-zrtk-audw
52
vulnerability VCID-ww44-hb2y-mfd5
53
vulnerability VCID-wwvq-399y-rfhc
54
vulnerability VCID-y74s-ghyc-2bhs
55
vulnerability VCID-yare-57j9-j7cs
56
vulnerability VCID-ymka-jfep-87gt
57
vulnerability VCID-yrzt-3m97-53ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10
aliases CVE-2016-7571, GHSA-vhg8-x858-7wq6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wwt-vt76-dbe1
3
url VCID-636u-5bdw-puh4
vulnerability_id VCID-636u-5bdw-puh4
summary 
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.58747
published_at 2026-04-02T12:55:00Z
1
value 0.00369
scoring_system epss
scoring_elements 0.58776
published_at 2026-04-13T12:55:00Z
2
value 0.00369
scoring_system epss
scoring_elements 0.58814
published_at 2026-04-11T12:55:00Z
3
value 0.00369
scoring_system epss
scoring_elements 0.58795
published_at 2026-04-12T12:55:00Z
4
value 0.00369
scoring_system epss
scoring_elements 0.58788
published_at 2026-04-08T12:55:00Z
5
value 0.00369
scoring_system epss
scoring_elements 0.58736
published_at 2026-04-07T12:55:00Z
6
value 0.00369
scoring_system epss
scoring_elements 0.58768
published_at 2026-04-04T12:55:00Z
7
value 0.00369
scoring_system epss
scoring_elements 0.58663
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
13
reference_url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
14
reference_url https://www.drupal.org/sa-core-2019-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-005
15
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
17
reference_url https://symfony.com/cve-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10909
18
reference_url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
reference_id CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
19
reference_url https://github.com/advisories/GHSA-g996-q5r8-w7g2
reference_id GHSA-g996-q5r8-w7g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g996-q5r8-w7g2
fixed_packages
0
url pkg:composer/drupal/drupal@8.5.15
purl pkg:composer/drupal/drupal@8.5.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-jfq8-xxwa-mkd1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kh51-g4cv-tqaw
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n119-gta2-kfg1
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-pk74-yy1n-8qck
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-ty3y-k9t2-qyba
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-uqcw-p8g2-cfd2
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-w3q4-838v-97ck
18
vulnerability VCID-wbuz-qcp3-43aq
19
vulnerability VCID-wbvy-zrtk-audw
20
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15
1
url pkg:composer/drupal/drupal@8.6.15
purl pkg:composer/drupal/drupal@8.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-6ck5-9e5b-w3ay
2
vulnerability VCID-6m8x-cfzp-tkf4
3
vulnerability VCID-bbzr-hbhv-yyee
4
vulnerability VCID-dgjq-y5zj-cud1
5
vulnerability VCID-jfq8-xxwa-mkd1
6
vulnerability VCID-k1gx-nznx-7qd6
7
vulnerability VCID-kh51-g4cv-tqaw
8
vulnerability VCID-mapb-hsvc-2khc
9
vulnerability VCID-n119-gta2-kfg1
10
vulnerability VCID-n7un-zgqv-jfef
11
vulnerability VCID-pk74-yy1n-8qck
12
vulnerability VCID-r8pv-9upr-y7gd
13
vulnerability VCID-ty3y-k9t2-qyba
14
vulnerability VCID-u4w3-usvb-jyf6
15
vulnerability VCID-uqcw-p8g2-cfd2
16
vulnerability VCID-vevm-4sfk-f7gq
17
vulnerability VCID-w3q4-838v-97ck
18
vulnerability VCID-wbuz-qcp3-43aq
19
vulnerability VCID-wbvy-zrtk-audw
20
vulnerability VCID-ww44-hb2y-mfd5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15
aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-636u-5bdw-puh4
4
url VCID-9f24-vqyt-r7dq
vulnerability_id VCID-9f24-vqyt-r7dq
summary 
Language fallback can be incorrect on multilingual sites with node access restrictions
When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records(). Note that the update will mark the node access tables as needing a rebuild, which will take a long time on sites with a large number of nodes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6930
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.6218
published_at 2026-04-13T12:55:00Z
1
value 0.00424
scoring_system epss
scoring_elements 0.62065
published_at 2026-04-01T12:55:00Z
2
value 0.00424
scoring_system epss
scoring_elements 0.62125
published_at 2026-04-02T12:55:00Z
3
value 0.00424
scoring_system epss
scoring_elements 0.62156
published_at 2026-04-04T12:55:00Z
4
value 0.00424
scoring_system epss
scoring_elements 0.62126
published_at 2026-04-07T12:55:00Z
5
value 0.00424
scoring_system epss
scoring_elements 0.62176
published_at 2026-04-08T12:55:00Z
6
value 0.00424
scoring_system epss
scoring_elements 0.62194
published_at 2026-04-09T12:55:00Z
7
value 0.00424
scoring_system epss
scoring_elements 0.62211
published_at 2026-04-11T12:55:00Z
8
value 0.00424
scoring_system epss
scoring_elements 0.62201
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6930
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6930
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6930
5
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
6
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
7
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930
8
reference_url https://github.com/advisories/GHSA-3327-jr93-7hq3
reference_id GHSA-3327-jr93-7hq3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3327-jr93-7hq3
fixed_packages
0
url pkg:composer/drupal/drupal@8.4.5
purl pkg:composer/drupal/drupal@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-4aer-46u2-23f6
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5tqs-qmqn-gug5
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-8nda-kjr2-ufd4
9
vulnerability VCID-9vdz-1jpq-kue3
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-c9dm-17vt-4bbc
12
vulnerability VCID-cucx-jfqf-pkd1
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ga35-289v-vqhr
15
vulnerability VCID-gzcu-sbks-wyfa
16
vulnerability VCID-jfq8-xxwa-mkd1
17
vulnerability VCID-k1gx-nznx-7qd6
18
vulnerability VCID-kh51-g4cv-tqaw
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n119-gta2-kfg1
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-nc36-atc6-yua6
23
vulnerability VCID-nd8n-5dsu-2fbp
24
vulnerability VCID-pk74-yy1n-8qck
25
vulnerability VCID-r8pv-9upr-y7gd
26
vulnerability VCID-rhj7-dy7q-jkhw
27
vulnerability VCID-rr4q-f5cv-nkah
28
vulnerability VCID-t84c-8r34-57b9
29
vulnerability VCID-ty3y-k9t2-qyba
30
vulnerability VCID-u1xx-aazv-bkg5
31
vulnerability VCID-u4w3-usvb-jyf6
32
vulnerability VCID-uqcw-p8g2-cfd2
33
vulnerability VCID-utyg-huhu-2ucq
34
vulnerability VCID-vevm-4sfk-f7gq
35
vulnerability VCID-vq5y-hdw3-nucj
36
vulnerability VCID-w3q4-838v-97ck
37
vulnerability VCID-wbuz-qcp3-43aq
38
vulnerability VCID-wbvy-zrtk-audw
39
vulnerability VCID-ww44-hb2y-mfd5
40
vulnerability VCID-wwvq-399y-rfhc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5
aliases CVE-2017-6930, GHSA-3327-jr93-7hq3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f24-vqyt-r7dq
5
url VCID-hzr8-ttbu-ebhg
vulnerability_id VCID-hzr8-ttbu-ebhg
summary 
PECL YAML parser unsafe object handling
PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6920
reference_id
reference_type
scores
0
value 0.66148
scoring_system epss
scoring_elements 0.98509
published_at 2026-04-02T12:55:00Z
1
value 0.66148
scoring_system epss
scoring_elements 0.98518
published_at 2026-04-13T12:55:00Z
2
value 0.66148
scoring_system epss
scoring_elements 0.98516
published_at 2026-04-09T12:55:00Z
3
value 0.66148
scoring_system epss
scoring_elements 0.98515
published_at 2026-04-08T12:55:00Z
4
value 0.66148
scoring_system epss
scoring_elements 0.98512
published_at 2026-04-07T12:55:00Z
5
value 0.66148
scoring_system epss
scoring_elements 0.98511
published_at 2026-04-04T12:55:00Z
6
value 0.66148
scoring_system epss
scoring_elements 0.98507
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6920
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6920
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6920
5
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
6
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
7
reference_url http://www.securityfocus.com/bid/99211
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99211
8
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
9
reference_url https://github.com/advisories/GHSA-9c24-g32g-35rj
reference_id GHSA-9c24-g32g-35rj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c24-g32g-35rj
fixed_packages
0
url pkg:composer/drupal/drupal@8.3.4
purl pkg:composer/drupal/drupal@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-48ut-ykkc-83fx
3
vulnerability VCID-4aer-46u2-23f6
4
vulnerability VCID-565p-mgqe-gkfc
5
vulnerability VCID-5tqs-qmqn-gug5
6
vulnerability VCID-636u-5bdw-puh4
7
vulnerability VCID-6ck5-9e5b-w3ay
8
vulnerability VCID-6m8x-cfzp-tkf4
9
vulnerability VCID-8nda-kjr2-ufd4
10
vulnerability VCID-9f24-vqyt-r7dq
11
vulnerability VCID-9vdz-1jpq-kue3
12
vulnerability VCID-bbzr-hbhv-yyee
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-g1rp-twzp-63e1
17
vulnerability VCID-ga35-289v-vqhr
18
vulnerability VCID-gzcu-sbks-wyfa
19
vulnerability VCID-jfq8-xxwa-mkd1
20
vulnerability VCID-jnu7-1j9c-dqck
21
vulnerability VCID-k1gx-nznx-7qd6
22
vulnerability VCID-kh51-g4cv-tqaw
23
vulnerability VCID-mapb-hsvc-2khc
24
vulnerability VCID-n119-gta2-kfg1
25
vulnerability VCID-n7un-zgqv-jfef
26
vulnerability VCID-nc36-atc6-yua6
27
vulnerability VCID-nd8n-5dsu-2fbp
28
vulnerability VCID-pk74-yy1n-8qck
29
vulnerability VCID-r8pv-9upr-y7gd
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-rr4q-f5cv-nkah
32
vulnerability VCID-s9kv-9qfu-gbdq
33
vulnerability VCID-t84c-8r34-57b9
34
vulnerability VCID-ty3y-k9t2-qyba
35
vulnerability VCID-u1xx-aazv-bkg5
36
vulnerability VCID-u4w3-usvb-jyf6
37
vulnerability VCID-uqcw-p8g2-cfd2
38
vulnerability VCID-utyg-huhu-2ucq
39
vulnerability VCID-vevm-4sfk-f7gq
40
vulnerability VCID-vq5y-hdw3-nucj
41
vulnerability VCID-w3q4-838v-97ck
42
vulnerability VCID-wbuz-qcp3-43aq
43
vulnerability VCID-wbvy-zrtk-audw
44
vulnerability VCID-ww44-hb2y-mfd5
45
vulnerability VCID-wwvq-399y-rfhc
46
vulnerability VCID-yare-57j9-j7cs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4
aliases CVE-2017-6920, GHSA-9c24-g32g-35rj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzr8-ttbu-ebhg
6
url VCID-jnu7-1j9c-dqck
vulnerability_id VCID-jnu7-1j9c-dqck
summary 
JavaScript cross-site scripting prevention is incomplete
Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6927
reference_id
reference_type
scores
0
value 0.0139
scoring_system epss
scoring_elements 0.80305
published_at 2026-04-02T12:55:00Z
1
value 0.0139
scoring_system epss
scoring_elements 0.80325
published_at 2026-04-04T12:55:00Z
2
value 0.0139
scoring_system epss
scoring_elements 0.80297
published_at 2026-04-01T12:55:00Z
3
value 0.0139
scoring_system epss
scoring_elements 0.8035
published_at 2026-04-13T12:55:00Z
4
value 0.0139
scoring_system epss
scoring_elements 0.80356
published_at 2026-04-12T12:55:00Z
5
value 0.0139
scoring_system epss
scoring_elements 0.80371
published_at 2026-04-11T12:55:00Z
6
value 0.0139
scoring_system epss
scoring_elements 0.80352
published_at 2026-04-09T12:55:00Z
7
value 0.0139
scoring_system epss
scoring_elements 0.80341
published_at 2026-04-08T12:55:00Z
8
value 0.0139
scoring_system epss
scoring_elements 0.80313
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6927
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
5
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6927
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6927
10
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4123
11
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
12
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
13
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927
14
reference_url http://www.securityfocus.com/bid/103138
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103138
15
reference_url https://github.com/advisories/GHSA-585j-5449-mf5m
reference_id GHSA-585j-5449-mf5m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-585j-5449-mf5m
fixed_packages
0
url pkg:composer/drupal/drupal@8.4.5
purl pkg:composer/drupal/drupal@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-4aer-46u2-23f6
3
vulnerability VCID-565p-mgqe-gkfc
4
vulnerability VCID-5tqs-qmqn-gug5
5
vulnerability VCID-636u-5bdw-puh4
6
vulnerability VCID-6ck5-9e5b-w3ay
7
vulnerability VCID-6m8x-cfzp-tkf4
8
vulnerability VCID-8nda-kjr2-ufd4
9
vulnerability VCID-9vdz-1jpq-kue3
10
vulnerability VCID-bbzr-hbhv-yyee
11
vulnerability VCID-c9dm-17vt-4bbc
12
vulnerability VCID-cucx-jfqf-pkd1
13
vulnerability VCID-dgjq-y5zj-cud1
14
vulnerability VCID-ga35-289v-vqhr
15
vulnerability VCID-gzcu-sbks-wyfa
16
vulnerability VCID-jfq8-xxwa-mkd1
17
vulnerability VCID-k1gx-nznx-7qd6
18
vulnerability VCID-kh51-g4cv-tqaw
19
vulnerability VCID-mapb-hsvc-2khc
20
vulnerability VCID-n119-gta2-kfg1
21
vulnerability VCID-n7un-zgqv-jfef
22
vulnerability VCID-nc36-atc6-yua6
23
vulnerability VCID-nd8n-5dsu-2fbp
24
vulnerability VCID-pk74-yy1n-8qck
25
vulnerability VCID-r8pv-9upr-y7gd
26
vulnerability VCID-rhj7-dy7q-jkhw
27
vulnerability VCID-rr4q-f5cv-nkah
28
vulnerability VCID-t84c-8r34-57b9
29
vulnerability VCID-ty3y-k9t2-qyba
30
vulnerability VCID-u1xx-aazv-bkg5
31
vulnerability VCID-u4w3-usvb-jyf6
32
vulnerability VCID-uqcw-p8g2-cfd2
33
vulnerability VCID-utyg-huhu-2ucq
34
vulnerability VCID-vevm-4sfk-f7gq
35
vulnerability VCID-vq5y-hdw3-nucj
36
vulnerability VCID-w3q4-838v-97ck
37
vulnerability VCID-wbuz-qcp3-43aq
38
vulnerability VCID-wbvy-zrtk-audw
39
vulnerability VCID-ww44-hb2y-mfd5
40
vulnerability VCID-wwvq-399y-rfhc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5
aliases CVE-2017-6927, GHSA-585j-5449-mf5m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jnu7-1j9c-dqck
7
url VCID-krhy-kg1b-rfbk
vulnerability_id VCID-krhy-kg1b-rfbk
summary 
File REST resource does not properly validate
The file REST resource does not properly validate some fields when manipulating files. the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6921
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64204
published_at 2026-04-01T12:55:00Z
1
value 0.00463
scoring_system epss
scoring_elements 0.64289
published_at 2026-04-04T12:55:00Z
2
value 0.00463
scoring_system epss
scoring_elements 0.64262
published_at 2026-04-02T12:55:00Z
3
value 0.00463
scoring_system epss
scoring_elements 0.6429
published_at 2026-04-13T12:55:00Z
4
value 0.00463
scoring_system epss
scoring_elements 0.64316
published_at 2026-04-12T12:55:00Z
5
value 0.00463
scoring_system epss
scoring_elements 0.64327
published_at 2026-04-11T12:55:00Z
6
value 0.00463
scoring_system epss
scoring_elements 0.64314
published_at 2026-04-09T12:55:00Z
7
value 0.00463
scoring_system epss
scoring_elements 0.64299
published_at 2026-04-08T12:55:00Z
8
value 0.00463
scoring_system epss
scoring_elements 0.64249
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6921
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6921
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6921
5
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
6
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
7
reference_url http://www.securityfocus.com/bid/99222
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99222
8
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
10
reference_url https://github.com/advisories/GHSA-h377-287m-w2r9
reference_id GHSA-h377-287m-w2r9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h377-287m-w2r9
fixed_packages
0
url pkg:composer/drupal/drupal@8.3.4
purl pkg:composer/drupal/drupal@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-48ut-ykkc-83fx
3
vulnerability VCID-4aer-46u2-23f6
4
vulnerability VCID-565p-mgqe-gkfc
5
vulnerability VCID-5tqs-qmqn-gug5
6
vulnerability VCID-636u-5bdw-puh4
7
vulnerability VCID-6ck5-9e5b-w3ay
8
vulnerability VCID-6m8x-cfzp-tkf4
9
vulnerability VCID-8nda-kjr2-ufd4
10
vulnerability VCID-9f24-vqyt-r7dq
11
vulnerability VCID-9vdz-1jpq-kue3
12
vulnerability VCID-bbzr-hbhv-yyee
13
vulnerability VCID-c9dm-17vt-4bbc
14
vulnerability VCID-cucx-jfqf-pkd1
15
vulnerability VCID-dgjq-y5zj-cud1
16
vulnerability VCID-g1rp-twzp-63e1
17
vulnerability VCID-ga35-289v-vqhr
18
vulnerability VCID-gzcu-sbks-wyfa
19
vulnerability VCID-jfq8-xxwa-mkd1
20
vulnerability VCID-jnu7-1j9c-dqck
21
vulnerability VCID-k1gx-nznx-7qd6
22
vulnerability VCID-kh51-g4cv-tqaw
23
vulnerability VCID-mapb-hsvc-2khc
24
vulnerability VCID-n119-gta2-kfg1
25
vulnerability VCID-n7un-zgqv-jfef
26
vulnerability VCID-nc36-atc6-yua6
27
vulnerability VCID-nd8n-5dsu-2fbp
28
vulnerability VCID-pk74-yy1n-8qck
29
vulnerability VCID-r8pv-9upr-y7gd
30
vulnerability VCID-rhj7-dy7q-jkhw
31
vulnerability VCID-rr4q-f5cv-nkah
32
vulnerability VCID-s9kv-9qfu-gbdq
33
vulnerability VCID-t84c-8r34-57b9
34
vulnerability VCID-ty3y-k9t2-qyba
35
vulnerability VCID-u1xx-aazv-bkg5
36
vulnerability VCID-u4w3-usvb-jyf6
37
vulnerability VCID-uqcw-p8g2-cfd2
38
vulnerability VCID-utyg-huhu-2ucq
39
vulnerability VCID-vevm-4sfk-f7gq
40
vulnerability VCID-vq5y-hdw3-nucj
41
vulnerability VCID-w3q4-838v-97ck
42
vulnerability VCID-wbuz-qcp3-43aq
43
vulnerability VCID-wbvy-zrtk-audw
44
vulnerability VCID-ww44-hb2y-mfd5
45
vulnerability VCID-wwvq-399y-rfhc
46
vulnerability VCID-yare-57j9-j7cs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4
aliases CVE-2017-6921, GHSA-h377-287m-w2r9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krhy-kg1b-rfbk
8
url VCID-nc36-atc6-yua6
vulnerability_id VCID-nc36-atc6-yua6
summary 
XSS Vulnerability
CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.
references
0
reference_url https://www.drupal.org/sa-core-2018-003
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-003
fixed_packages
0
url pkg:composer/drupal/drupal@8.4.7
purl pkg:composer/drupal/drupal@8.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-565p-mgqe-gkfc
3
vulnerability VCID-5tqs-qmqn-gug5
4
vulnerability VCID-636u-5bdw-puh4
5
vulnerability VCID-6ck5-9e5b-w3ay
6
vulnerability VCID-6m8x-cfzp-tkf4
7
vulnerability VCID-8nda-kjr2-ufd4
8
vulnerability VCID-bbzr-hbhv-yyee
9
vulnerability VCID-c9dm-17vt-4bbc
10
vulnerability VCID-cucx-jfqf-pkd1
11
vulnerability VCID-dgjq-y5zj-cud1
12
vulnerability VCID-gzcu-sbks-wyfa
13
vulnerability VCID-jfq8-xxwa-mkd1
14
vulnerability VCID-k1gx-nznx-7qd6
15
vulnerability VCID-kh51-g4cv-tqaw
16
vulnerability VCID-mapb-hsvc-2khc
17
vulnerability VCID-n119-gta2-kfg1
18
vulnerability VCID-n7un-zgqv-jfef
19
vulnerability VCID-nd8n-5dsu-2fbp
20
vulnerability VCID-pk74-yy1n-8qck
21
vulnerability VCID-r8pv-9upr-y7gd
22
vulnerability VCID-rhj7-dy7q-jkhw
23
vulnerability VCID-rr4q-f5cv-nkah
24
vulnerability VCID-t84c-8r34-57b9
25
vulnerability VCID-ty3y-k9t2-qyba
26
vulnerability VCID-u1xx-aazv-bkg5
27
vulnerability VCID-u4w3-usvb-jyf6
28
vulnerability VCID-uqcw-p8g2-cfd2
29
vulnerability VCID-utyg-huhu-2ucq
30
vulnerability VCID-vevm-4sfk-f7gq
31
vulnerability VCID-vq5y-hdw3-nucj
32
vulnerability VCID-w3q4-838v-97ck
33
vulnerability VCID-wbuz-qcp3-43aq
34
vulnerability VCID-wbvy-zrtk-audw
35
vulnerability VCID-ww44-hb2y-mfd5
36
vulnerability VCID-wwvq-399y-rfhc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7
1
url pkg:composer/drupal/drupal@8.5.2
purl pkg:composer/drupal/drupal@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-349d-w26k-mqfw
1
vulnerability VCID-3fka-y25d-m7a3
2
vulnerability VCID-565p-mgqe-gkfc
3
vulnerability VCID-5tqs-qmqn-gug5
4
vulnerability VCID-636u-5bdw-puh4
5
vulnerability VCID-6ck5-9e5b-w3ay
6
vulnerability VCID-6m8x-cfzp-tkf4
7
vulnerability VCID-8nda-kjr2-ufd4
8
vulnerability VCID-bbzr-hbhv-yyee
9
vulnerability VCID-c9dm-17vt-4bbc
10
vulnerability VCID-cucx-jfqf-pkd1
11
vulnerability VCID-dgjq-y5zj-cud1
12
vulnerability VCID-djgn-ezxp-37eu
13
vulnerability VCID-gzcu-sbks-wyfa
14
vulnerability VCID-jfq8-xxwa-mkd1
15
vulnerability VCID-k1gx-nznx-7qd6
16
vulnerability VCID-kh51-g4cv-tqaw
17
vulnerability VCID-mapb-hsvc-2khc
18
vulnerability VCID-n119-gta2-kfg1
19
vulnerability VCID-n7un-zgqv-jfef
20
vulnerability VCID-nd8n-5dsu-2fbp
21
vulnerability VCID-pk74-yy1n-8qck
22
vulnerability VCID-r8pv-9upr-y7gd
23
vulnerability VCID-rhj7-dy7q-jkhw
24
vulnerability VCID-rr4q-f5cv-nkah
25
vulnerability VCID-t84c-8r34-57b9
26
vulnerability VCID-ty3y-k9t2-qyba
27
vulnerability VCID-u1xx-aazv-bkg5
28
vulnerability VCID-u4w3-usvb-jyf6
29
vulnerability VCID-uqcw-p8g2-cfd2
30
vulnerability VCID-utyg-huhu-2ucq
31
vulnerability VCID-vevm-4sfk-f7gq
32
vulnerability VCID-vq5y-hdw3-nucj
33
vulnerability VCID-w3q4-838v-97ck
34
vulnerability VCID-wbuz-qcp3-43aq
35
vulnerability VCID-wbvy-zrtk-audw
36
vulnerability VCID-ww44-hb2y-mfd5
37
vulnerability VCID-wwvq-399y-rfhc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2
aliases SA-CORE-2018-003
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nc36-atc6-yua6
9
url VCID-sktb-khbq-cuaq
vulnerability_id VCID-sktb-khbq-cuaq
summary 
Incorrect cache context on password reset page
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9450
reference_id
reference_type
scores
0
value 0.00227
scoring_system epss
scoring_elements 0.45439
published_at 2026-04-02T12:55:00Z
1
value 0.00227
scoring_system epss
scoring_elements 0.4546
published_at 2026-04-09T12:55:00Z
2
value 0.00227
scoring_system epss
scoring_elements 0.45365
published_at 2026-04-01T12:55:00Z
3
value 0.00227
scoring_system epss
scoring_elements 0.45452
published_at 2026-04-13T12:55:00Z
4
value 0.00227
scoring_system epss
scoring_elements 0.45451
published_at 2026-04-12T12:55:00Z
5
value 0.00227
scoring_system epss
scoring_elements 0.45481
published_at 2026-04-11T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.45459
published_at 2026-04-08T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.45405
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9450
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9450
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9450
5
reference_url https://www.drupal.org/SA-CORE-2016-005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-005
6
reference_url http://www.securityfocus.com/bid/94367
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94367
7
reference_url https://security.archlinux.org/ASA-201611-20
reference_id ASA-201611-20
reference_type
scores
url https://security.archlinux.org/ASA-201611-20
8
reference_url https://security.archlinux.org/AVG-74
reference_id AVG-74
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-74
9
reference_url https://github.com/advisories/GHSA-98w5-wqp9-w466
reference_id GHSA-98w5-wqp9-w466
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98w5-wqp9-w466
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.3
purl pkg:composer/drupal/drupal@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1922-fwnz-wkbt
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-3fka-y25d-m7a3
3
vulnerability VCID-3hf4-tvxn-zyh4
4
vulnerability VCID-48ut-ykkc-83fx
5
vulnerability VCID-4aer-46u2-23f6
6
vulnerability VCID-565p-mgqe-gkfc
7
vulnerability VCID-5tqs-qmqn-gug5
8
vulnerability VCID-636u-5bdw-puh4
9
vulnerability VCID-6ck5-9e5b-w3ay
10
vulnerability VCID-6m8x-cfzp-tkf4
11
vulnerability VCID-8nda-kjr2-ufd4
12
vulnerability VCID-9f24-vqyt-r7dq
13
vulnerability VCID-9vdz-1jpq-kue3
14
vulnerability VCID-bbzr-hbhv-yyee
15
vulnerability VCID-c9dm-17vt-4bbc
16
vulnerability VCID-cucx-jfqf-pkd1
17
vulnerability VCID-dgjq-y5zj-cud1
18
vulnerability VCID-fm5k-u7s6-wfhb
19
vulnerability VCID-g1rp-twzp-63e1
20
vulnerability VCID-ga35-289v-vqhr
21
vulnerability VCID-gzcu-sbks-wyfa
22
vulnerability VCID-hpsp-5qtj-v7dq
23
vulnerability VCID-hzr8-ttbu-ebhg
24
vulnerability VCID-jfq8-xxwa-mkd1
25
vulnerability VCID-jnu7-1j9c-dqck
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kh51-g4cv-tqaw
28
vulnerability VCID-krhy-kg1b-rfbk
29
vulnerability VCID-m1ur-bb9m-m7d5
30
vulnerability VCID-mapb-hsvc-2khc
31
vulnerability VCID-n119-gta2-kfg1
32
vulnerability VCID-n7un-zgqv-jfef
33
vulnerability VCID-nc36-atc6-yua6
34
vulnerability VCID-nd8n-5dsu-2fbp
35
vulnerability VCID-pk74-yy1n-8qck
36
vulnerability VCID-r8pv-9upr-y7gd
37
vulnerability VCID-rhj7-dy7q-jkhw
38
vulnerability VCID-rr4q-f5cv-nkah
39
vulnerability VCID-s9kv-9qfu-gbdq
40
vulnerability VCID-t84c-8r34-57b9
41
vulnerability VCID-ty3y-k9t2-qyba
42
vulnerability VCID-u1xx-aazv-bkg5
43
vulnerability VCID-u4w3-usvb-jyf6
44
vulnerability VCID-uqcw-p8g2-cfd2
45
vulnerability VCID-utyg-huhu-2ucq
46
vulnerability VCID-vevm-4sfk-f7gq
47
vulnerability VCID-vq5y-hdw3-nucj
48
vulnerability VCID-w3q4-838v-97ck
49
vulnerability VCID-wbuz-qcp3-43aq
50
vulnerability VCID-wbvy-zrtk-audw
51
vulnerability VCID-ww44-hb2y-mfd5
52
vulnerability VCID-wwvq-399y-rfhc
53
vulnerability VCID-y74s-ghyc-2bhs
54
vulnerability VCID-yare-57j9-j7cs
55
vulnerability VCID-ymka-jfep-87gt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3
aliases CVE-2016-9450, GHSA-98w5-wqp9-w466
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sktb-khbq-cuaq
10
url VCID-vy1y-zkf3-4ue4
vulnerability_id VCID-vy1y-zkf3-4ue4
summary 
Denial of service via transliterate mechanism
A specially crafted URL can cause a denial of service via the transliterate mechanism.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9452
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59319
published_at 2026-04-02T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59356
published_at 2026-04-13T12:55:00Z
2
value 0.00378
scoring_system epss
scoring_elements 0.59374
published_at 2026-04-12T12:55:00Z
3
value 0.00378
scoring_system epss
scoring_elements 0.5939
published_at 2026-04-11T12:55:00Z
4
value 0.00378
scoring_system epss
scoring_elements 0.59371
published_at 2026-04-09T12:55:00Z
5
value 0.00378
scoring_system epss
scoring_elements 0.59358
published_at 2026-04-08T12:55:00Z
6
value 0.00378
scoring_system epss
scoring_elements 0.59307
published_at 2026-04-07T12:55:00Z
7
value 0.00378
scoring_system epss
scoring_elements 0.59343
published_at 2026-04-04T12:55:00Z
8
value 0.00378
scoring_system epss
scoring_elements 0.59245
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9452
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9452
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9452
5
reference_url https://www.drupal.org/SA-CORE-2016-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-005
6
reference_url http://www.securityfocus.com/bid/94367
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94367
7
reference_url https://security.archlinux.org/ASA-201611-20
reference_id ASA-201611-20
reference_type
scores
url https://security.archlinux.org/ASA-201611-20
8
reference_url https://security.archlinux.org/AVG-74
reference_id AVG-74
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-74
9
reference_url https://github.com/advisories/GHSA-jpj8-49hr-wcwv
reference_id GHSA-jpj8-49hr-wcwv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jpj8-49hr-wcwv
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.3
purl pkg:composer/drupal/drupal@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1922-fwnz-wkbt
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-3fka-y25d-m7a3
3
vulnerability VCID-3hf4-tvxn-zyh4
4
vulnerability VCID-48ut-ykkc-83fx
5
vulnerability VCID-4aer-46u2-23f6
6
vulnerability VCID-565p-mgqe-gkfc
7
vulnerability VCID-5tqs-qmqn-gug5
8
vulnerability VCID-636u-5bdw-puh4
9
vulnerability VCID-6ck5-9e5b-w3ay
10
vulnerability VCID-6m8x-cfzp-tkf4
11
vulnerability VCID-8nda-kjr2-ufd4
12
vulnerability VCID-9f24-vqyt-r7dq
13
vulnerability VCID-9vdz-1jpq-kue3
14
vulnerability VCID-bbzr-hbhv-yyee
15
vulnerability VCID-c9dm-17vt-4bbc
16
vulnerability VCID-cucx-jfqf-pkd1
17
vulnerability VCID-dgjq-y5zj-cud1
18
vulnerability VCID-fm5k-u7s6-wfhb
19
vulnerability VCID-g1rp-twzp-63e1
20
vulnerability VCID-ga35-289v-vqhr
21
vulnerability VCID-gzcu-sbks-wyfa
22
vulnerability VCID-hpsp-5qtj-v7dq
23
vulnerability VCID-hzr8-ttbu-ebhg
24
vulnerability VCID-jfq8-xxwa-mkd1
25
vulnerability VCID-jnu7-1j9c-dqck
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kh51-g4cv-tqaw
28
vulnerability VCID-krhy-kg1b-rfbk
29
vulnerability VCID-m1ur-bb9m-m7d5
30
vulnerability VCID-mapb-hsvc-2khc
31
vulnerability VCID-n119-gta2-kfg1
32
vulnerability VCID-n7un-zgqv-jfef
33
vulnerability VCID-nc36-atc6-yua6
34
vulnerability VCID-nd8n-5dsu-2fbp
35
vulnerability VCID-pk74-yy1n-8qck
36
vulnerability VCID-r8pv-9upr-y7gd
37
vulnerability VCID-rhj7-dy7q-jkhw
38
vulnerability VCID-rr4q-f5cv-nkah
39
vulnerability VCID-s9kv-9qfu-gbdq
40
vulnerability VCID-t84c-8r34-57b9
41
vulnerability VCID-ty3y-k9t2-qyba
42
vulnerability VCID-u1xx-aazv-bkg5
43
vulnerability VCID-u4w3-usvb-jyf6
44
vulnerability VCID-uqcw-p8g2-cfd2
45
vulnerability VCID-utyg-huhu-2ucq
46
vulnerability VCID-vevm-4sfk-f7gq
47
vulnerability VCID-vq5y-hdw3-nucj
48
vulnerability VCID-w3q4-838v-97ck
49
vulnerability VCID-wbuz-qcp3-43aq
50
vulnerability VCID-wbvy-zrtk-audw
51
vulnerability VCID-ww44-hb2y-mfd5
52
vulnerability VCID-wwvq-399y-rfhc
53
vulnerability VCID-y74s-ghyc-2bhs
54
vulnerability VCID-yare-57j9-j7cs
55
vulnerability VCID-ymka-jfep-87gt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3
aliases CVE-2016-9452, GHSA-jpj8-49hr-wcwv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy1y-zkf3-4ue4
11
url VCID-yrzt-3m97-53ce
vulnerability_id VCID-yrzt-3m97-53ce
summary 
Unprivileged access to taxonomy terms
Modules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9449
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44037
published_at 2026-04-02T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44011
published_at 2026-04-13T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44027
published_at 2026-04-12T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44045
published_at 2026-04-09T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.4406
published_at 2026-04-11T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.43989
published_at 2026-04-01T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44042
published_at 2026-04-08T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.43991
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9449
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451
3
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9449
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9449
7
reference_url https://www.drupal.org/SA-CORE-2016-005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-005
8
reference_url http://www.debian.org/security/2016/dsa-3718
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3718
9
reference_url http://www.securityfocus.com/bid/94367
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94367
10
reference_url https://security.archlinux.org/ASA-201611-20
reference_id ASA-201611-20
reference_type
scores
url https://security.archlinux.org/ASA-201611-20
11
reference_url https://security.archlinux.org/AVG-74
reference_id AVG-74
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-74
12
reference_url https://github.com/advisories/GHSA-p745-347h-hjfw
reference_id GHSA-p745-347h-hjfw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p745-347h-hjfw
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.3
purl pkg:composer/drupal/drupal@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1922-fwnz-wkbt
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-3fka-y25d-m7a3
3
vulnerability VCID-3hf4-tvxn-zyh4
4
vulnerability VCID-48ut-ykkc-83fx
5
vulnerability VCID-4aer-46u2-23f6
6
vulnerability VCID-565p-mgqe-gkfc
7
vulnerability VCID-5tqs-qmqn-gug5
8
vulnerability VCID-636u-5bdw-puh4
9
vulnerability VCID-6ck5-9e5b-w3ay
10
vulnerability VCID-6m8x-cfzp-tkf4
11
vulnerability VCID-8nda-kjr2-ufd4
12
vulnerability VCID-9f24-vqyt-r7dq
13
vulnerability VCID-9vdz-1jpq-kue3
14
vulnerability VCID-bbzr-hbhv-yyee
15
vulnerability VCID-c9dm-17vt-4bbc
16
vulnerability VCID-cucx-jfqf-pkd1
17
vulnerability VCID-dgjq-y5zj-cud1
18
vulnerability VCID-fm5k-u7s6-wfhb
19
vulnerability VCID-g1rp-twzp-63e1
20
vulnerability VCID-ga35-289v-vqhr
21
vulnerability VCID-gzcu-sbks-wyfa
22
vulnerability VCID-hpsp-5qtj-v7dq
23
vulnerability VCID-hzr8-ttbu-ebhg
24
vulnerability VCID-jfq8-xxwa-mkd1
25
vulnerability VCID-jnu7-1j9c-dqck
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kh51-g4cv-tqaw
28
vulnerability VCID-krhy-kg1b-rfbk
29
vulnerability VCID-m1ur-bb9m-m7d5
30
vulnerability VCID-mapb-hsvc-2khc
31
vulnerability VCID-n119-gta2-kfg1
32
vulnerability VCID-n7un-zgqv-jfef
33
vulnerability VCID-nc36-atc6-yua6
34
vulnerability VCID-nd8n-5dsu-2fbp
35
vulnerability VCID-pk74-yy1n-8qck
36
vulnerability VCID-r8pv-9upr-y7gd
37
vulnerability VCID-rhj7-dy7q-jkhw
38
vulnerability VCID-rr4q-f5cv-nkah
39
vulnerability VCID-s9kv-9qfu-gbdq
40
vulnerability VCID-t84c-8r34-57b9
41
vulnerability VCID-ty3y-k9t2-qyba
42
vulnerability VCID-u1xx-aazv-bkg5
43
vulnerability VCID-u4w3-usvb-jyf6
44
vulnerability VCID-uqcw-p8g2-cfd2
45
vulnerability VCID-utyg-huhu-2ucq
46
vulnerability VCID-vevm-4sfk-f7gq
47
vulnerability VCID-vq5y-hdw3-nucj
48
vulnerability VCID-w3q4-838v-97ck
49
vulnerability VCID-wbuz-qcp3-43aq
50
vulnerability VCID-wbvy-zrtk-audw
51
vulnerability VCID-ww44-hb2y-mfd5
52
vulnerability VCID-wwvq-399y-rfhc
53
vulnerability VCID-y74s-ghyc-2bhs
54
vulnerability VCID-yare-57j9-j7cs
55
vulnerability VCID-ymka-jfep-87gt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3
aliases CVE-2016-9449, GHSA-p745-347h-hjfw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzt-3m97-53ce
12
url VCID-yty5-zn46-r3dj
vulnerability_id VCID-yty5-zn46-r3dj
summary 
Unprivileged access to "Administer comments"
Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7570
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57006
published_at 2026-04-01T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57143
published_at 2026-04-12T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57164
published_at 2026-04-11T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.57152
published_at 2026-04-09T12:55:00Z
4
value 0.00345
scoring_system epss
scoring_elements 0.5715
published_at 2026-04-08T12:55:00Z
5
value 0.00345
scoring_system epss
scoring_elements 0.57099
published_at 2026-04-07T12:55:00Z
6
value 0.00345
scoring_system epss
scoring_elements 0.57123
published_at 2026-04-13T12:55:00Z
7
value 0.00345
scoring_system epss
scoring_elements 0.571
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7570
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7570
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7570
5
reference_url https://www.drupal.org/SA-CORE-2016-004
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-004
6
reference_url http://www.securityfocus.com/bid/93101
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/93101
7
reference_url http://www.securitytracker.com/id/1036886
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1036886
8
reference_url https://github.com/advisories/GHSA-6g9h-6v79-w4pc
reference_id GHSA-6g9h-6v79-w4pc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6g9h-6v79-w4pc
fixed_packages
0
url pkg:composer/drupal/drupal@8.1.10
purl pkg:composer/drupal/drupal@8.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1922-fwnz-wkbt
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-3fka-y25d-m7a3
3
vulnerability VCID-3hf4-tvxn-zyh4
4
vulnerability VCID-48ut-ykkc-83fx
5
vulnerability VCID-4aer-46u2-23f6
6
vulnerability VCID-565p-mgqe-gkfc
7
vulnerability VCID-5tqs-qmqn-gug5
8
vulnerability VCID-636u-5bdw-puh4
9
vulnerability VCID-6ck5-9e5b-w3ay
10
vulnerability VCID-6m8x-cfzp-tkf4
11
vulnerability VCID-8nda-kjr2-ufd4
12
vulnerability VCID-9f24-vqyt-r7dq
13
vulnerability VCID-9vdz-1jpq-kue3
14
vulnerability VCID-bbzr-hbhv-yyee
15
vulnerability VCID-c9dm-17vt-4bbc
16
vulnerability VCID-cucx-jfqf-pkd1
17
vulnerability VCID-d4qd-ut89-gbf4
18
vulnerability VCID-dgjq-y5zj-cud1
19
vulnerability VCID-fm5k-u7s6-wfhb
20
vulnerability VCID-g1rp-twzp-63e1
21
vulnerability VCID-ga35-289v-vqhr
22
vulnerability VCID-gzcu-sbks-wyfa
23
vulnerability VCID-hzr8-ttbu-ebhg
24
vulnerability VCID-jfq8-xxwa-mkd1
25
vulnerability VCID-jnu7-1j9c-dqck
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kh51-g4cv-tqaw
28
vulnerability VCID-krhy-kg1b-rfbk
29
vulnerability VCID-mapb-hsvc-2khc
30
vulnerability VCID-n119-gta2-kfg1
31
vulnerability VCID-n7un-zgqv-jfef
32
vulnerability VCID-nc36-atc6-yua6
33
vulnerability VCID-nd8n-5dsu-2fbp
34
vulnerability VCID-pk74-yy1n-8qck
35
vulnerability VCID-r8pv-9upr-y7gd
36
vulnerability VCID-rhj7-dy7q-jkhw
37
vulnerability VCID-rr4q-f5cv-nkah
38
vulnerability VCID-s9kv-9qfu-gbdq
39
vulnerability VCID-sktb-khbq-cuaq
40
vulnerability VCID-t84c-8r34-57b9
41
vulnerability VCID-ty3y-k9t2-qyba
42
vulnerability VCID-u1xx-aazv-bkg5
43
vulnerability VCID-u4w3-usvb-jyf6
44
vulnerability VCID-uqcw-p8g2-cfd2
45
vulnerability VCID-utyg-huhu-2ucq
46
vulnerability VCID-vevm-4sfk-f7gq
47
vulnerability VCID-vq5y-hdw3-nucj
48
vulnerability VCID-vy1y-zkf3-4ue4
49
vulnerability VCID-w3q4-838v-97ck
50
vulnerability VCID-wbuz-qcp3-43aq
51
vulnerability VCID-wbvy-zrtk-audw
52
vulnerability VCID-ww44-hb2y-mfd5
53
vulnerability VCID-wwvq-399y-rfhc
54
vulnerability VCID-y74s-ghyc-2bhs
55
vulnerability VCID-yare-57j9-j7cs
56
vulnerability VCID-ymka-jfep-87gt
57
vulnerability VCID-yrzt-3m97-53ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10
aliases CVE-2016-7570, GHSA-6g9h-6v79-w4pc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yty5-zn46-r3dj
13
url VCID-zvtp-4we3-qygx
vulnerability_id VCID-zvtp-4we3-qygx
summary 
Unprivileged access to config export
The `system.temporary` route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7572
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48545
published_at 2026-04-02T12:55:00Z
1
value 0.00252
scoring_system epss
scoring_elements 0.48577
published_at 2026-04-13T12:55:00Z
2
value 0.00252
scoring_system epss
scoring_elements 0.48564
published_at 2026-04-12T12:55:00Z
3
value 0.00252
scoring_system epss
scoring_elements 0.48591
published_at 2026-04-11T12:55:00Z
4
value 0.00252
scoring_system epss
scoring_elements 0.48568
published_at 2026-04-04T12:55:00Z
5
value 0.00252
scoring_system epss
scoring_elements 0.4851
published_at 2026-04-01T12:55:00Z
6
value 0.00252
scoring_system epss
scoring_elements 0.4857
published_at 2026-04-09T12:55:00Z
7
value 0.00252
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-08T12:55:00Z
8
value 0.00252
scoring_system epss
scoring_elements 0.4852
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7572
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7572
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7572
5
reference_url https://www.drupal.org/SA-CORE-2016-004
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-004
6
reference_url http://www.securityfocus.com/bid/93101
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/93101
7
reference_url http://www.securitytracker.com/id/1036886
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1036886
8
reference_url https://github.com/advisories/GHSA-fmqh-2j2x-vgp3
reference_id GHSA-fmqh-2j2x-vgp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fmqh-2j2x-vgp3
fixed_packages
0
url pkg:composer/drupal/drupal@8.1.10
purl pkg:composer/drupal/drupal@8.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1922-fwnz-wkbt
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-3fka-y25d-m7a3
3
vulnerability VCID-3hf4-tvxn-zyh4
4
vulnerability VCID-48ut-ykkc-83fx
5
vulnerability VCID-4aer-46u2-23f6
6
vulnerability VCID-565p-mgqe-gkfc
7
vulnerability VCID-5tqs-qmqn-gug5
8
vulnerability VCID-636u-5bdw-puh4
9
vulnerability VCID-6ck5-9e5b-w3ay
10
vulnerability VCID-6m8x-cfzp-tkf4
11
vulnerability VCID-8nda-kjr2-ufd4
12
vulnerability VCID-9f24-vqyt-r7dq
13
vulnerability VCID-9vdz-1jpq-kue3
14
vulnerability VCID-bbzr-hbhv-yyee
15
vulnerability VCID-c9dm-17vt-4bbc
16
vulnerability VCID-cucx-jfqf-pkd1
17
vulnerability VCID-d4qd-ut89-gbf4
18
vulnerability VCID-dgjq-y5zj-cud1
19
vulnerability VCID-fm5k-u7s6-wfhb
20
vulnerability VCID-g1rp-twzp-63e1
21
vulnerability VCID-ga35-289v-vqhr
22
vulnerability VCID-gzcu-sbks-wyfa
23
vulnerability VCID-hzr8-ttbu-ebhg
24
vulnerability VCID-jfq8-xxwa-mkd1
25
vulnerability VCID-jnu7-1j9c-dqck
26
vulnerability VCID-k1gx-nznx-7qd6
27
vulnerability VCID-kh51-g4cv-tqaw
28
vulnerability VCID-krhy-kg1b-rfbk
29
vulnerability VCID-mapb-hsvc-2khc
30
vulnerability VCID-n119-gta2-kfg1
31
vulnerability VCID-n7un-zgqv-jfef
32
vulnerability VCID-nc36-atc6-yua6
33
vulnerability VCID-nd8n-5dsu-2fbp
34
vulnerability VCID-pk74-yy1n-8qck
35
vulnerability VCID-r8pv-9upr-y7gd
36
vulnerability VCID-rhj7-dy7q-jkhw
37
vulnerability VCID-rr4q-f5cv-nkah
38
vulnerability VCID-s9kv-9qfu-gbdq
39
vulnerability VCID-sktb-khbq-cuaq
40
vulnerability VCID-t84c-8r34-57b9
41
vulnerability VCID-ty3y-k9t2-qyba
42
vulnerability VCID-u1xx-aazv-bkg5
43
vulnerability VCID-u4w3-usvb-jyf6
44
vulnerability VCID-uqcw-p8g2-cfd2
45
vulnerability VCID-utyg-huhu-2ucq
46
vulnerability VCID-vevm-4sfk-f7gq
47
vulnerability VCID-vq5y-hdw3-nucj
48
vulnerability VCID-vy1y-zkf3-4ue4
49
vulnerability VCID-w3q4-838v-97ck
50
vulnerability VCID-wbuz-qcp3-43aq
51
vulnerability VCID-wbvy-zrtk-audw
52
vulnerability VCID-ww44-hb2y-mfd5
53
vulnerability VCID-wwvq-399y-rfhc
54
vulnerability VCID-y74s-ghyc-2bhs
55
vulnerability VCID-yare-57j9-j7cs
56
vulnerability VCID-ymka-jfep-87gt
57
vulnerability VCID-yrzt-3m97-53ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10
aliases CVE-2016-7572, GHSA-fmqh-2j2x-vgp3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvtp-4we3-qygx
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0-alpha12