Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/19352?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/19352?format=api", "purl": "pkg:composer/drupal/core@9.0.12", "type": "composer", "namespace": "drupal", "name": "core", "version": "9.0.12", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.9", "latest_non_vulnerable_version": "11.3.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/123441?format=api", "vulnerability_id": "VCID-1d2m-3ycf-3ycf", "summary": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26277", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26077", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13080" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080", "reference_id": "CVE-2025-13080", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13080" }, { "reference_url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2", "reference_id": "GHSA-83v7-c2cf-p9c2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-83v7-c2cf-p9c2" }, { "reference_url": "https://www.drupal.org/sa-core-2025-005", "reference_id": "sa-core-2025-005", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/" } ], "url": "https://www.drupal.org/sa-core-2025-005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13080", "GHSA-83v7-c2cf-p9c2" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1d2m-3ycf-3ycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59461?format=api", "vulnerability_id": "VCID-1w42-v1sq-fkac", "summary": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09982", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.09982", "scoring_system": "epss", "scoring_elements": "0.93211", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55637" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55637" }, { "reference_url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g", "reference_id": "GHSA-w6rx-9g2x-mg5g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w6rx-9g2x-mg5g" }, { "reference_url": "https://www.drupal.org/sa-core-2024-007", "reference_id": "sa-core-2024-007", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/" } ], "url": "https://www.drupal.org/sa-core-2024-007" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55637", "GHSA-w6rx-9g2x-mg5g" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w42-v1sq-fkac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59387?format=api", "vulnerability_id": "VCID-227y-mp79-jydd", "summary": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11473", "scoring_system": "epss", "scoring_elements": "0.93793", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.11473", "scoring_system": "epss", "scoring_elements": "0.93772", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55636" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55636" }, { "reference_url": "https://github.com/advisories/GHSA-938f-5r4f-h65v", "reference_id": "GHSA-938f-5r4f-h65v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-938f-5r4f-h65v" }, { "reference_url": "https://www.drupal.org/sa-core-2024-006", "reference_id": "sa-core-2024-006", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55636", "GHSA-938f-5r4f-h65v" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-227y-mp79-jydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59568?format=api", "vulnerability_id": "VCID-26ck-rher-hfg4", "summary": "A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78954", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78888", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55634" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55634" }, { "reference_url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8", "reference_id": "GHSA-7cwc-fjqm-8vh8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cwc-fjqm-8vh8" }, { "reference_url": "https://www.drupal.org/sa-core-2024-004", "reference_id": "sa-core-2024-004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/" } ], "url": "https://www.drupal.org/sa-core-2024-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-55634", "GHSA-7cwc-fjqm-8vh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26ck-rher-hfg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/103986?format=api", "vulnerability_id": "VCID-4sqe-bvj6-pkdq", "summary": "Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32568", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32387", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31673" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31673" }, { "reference_url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7", "reference_id": "GHSA-wpp8-fjgf-pwc7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wpp8-fjgf-pwc7" }, { "reference_url": "https://www.drupal.org/sa-core-2025-002", "reference_id": "sa-core-2025-002", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/" } ], "url": "https://www.drupal.org/sa-core-2025-002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376293?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376294?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/376295?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/376296?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31673", "GHSA-wpp8-fjgf-pwc7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sqe-bvj6-pkdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136981?format=api", "vulnerability_id": "VCID-7669-dguj-2qfd", "summary": "The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58761", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58649", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31250" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31250" }, { "reference_url": "https://github.com/advisories/GHSA-8849-cv9f-vccm", "reference_id": "GHSA-8849-cv9f-vccm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8849-cv9f-vccm" }, { "reference_url": "https://www.drupal.org/sa-core-2023-005", "reference_id": "sa-core-2023-005", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T16:49:01Z/" } ], "url": "https://www.drupal.org/sa-core-2023-005" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379440?format=api", "purl": "pkg:composer/drupal/core@9.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/379439?format=api", "purl": "pkg:composer/drupal/core@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/379438?format=api", "purl": "pkg:composer/drupal/core@10.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.8" } ], "aliases": [ "CVE-2023-31250", "GHSA-8849-cv9f-vccm" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7669-dguj-2qfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40418?format=api", "vulnerability_id": "VCID-7sar-42a4-kqdy", "summary": "core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99442", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.86689", "scoring_system": "epss", "scoring_elements": "0.99444", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45440" }, { "reference_url": "https://github.com/github/advisory-database/pull/4827", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/4827" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.2.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.2.9" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/10.3.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/10.3.6" }, { "reference_url": "https://www.drupal.org/project/drupal/releases/11.0.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/project/drupal/releases/11.0.5" }, { "reference_url": "https://www.exploit-db.com/exploits/52266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/52266" }, { "reference_url": "https://www.drupal.org/project/drupal/issues/3457781", "reference_id": "3457781", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://www.drupal.org/project/drupal/issues/3457781" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py", "reference_id": "CVE-2024-45440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440", "reference_id": "CVE-2024-45440", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45440" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/", "reference_id": "CVE-2024-45440-Explained", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained/" }, { "reference_url": "https://senscybersecurity.nl/CVE-2024-45440-Explained", "reference_id": "CVE-2024-45440-EXPLAINED", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://senscybersecurity.nl/CVE-2024-45440-Explained" }, { "reference_url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc", "reference_id": "GHSA-mg8j-w93w-xjgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg8j-w93w-xjgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33159?format=api", "purl": "pkg:composer/drupal/core@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/736598?format=api", "purl": "pkg:composer/drupal/core@10.3.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33158?format=api", "purl": "pkg:composer/drupal/core@10.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/736601?format=api", "purl": "pkg:composer/drupal/core@11.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33156?format=api", "purl": "pkg:composer/drupal/core@11.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5" } ], "aliases": [ "CVE-2024-45440", "GHSA-mg8j-w93w-xjgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7sar-42a4-kqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/122945?format=api", "vulnerability_id": "VCID-94he-hr4a-yygs", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0149", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01492", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13083" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083", "reference_id": "CVE-2025-13083", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13083" }, { "reference_url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2", "reference_id": "GHSA-mhpg-hpj5-73r2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpg-hpj5-73r2" }, { "reference_url": "https://www.drupal.org/sa-core-2025-008", "reference_id": "sa-core-2025-008", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/" } ], "url": "https://www.drupal.org/sa-core-2025-008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13083", "GHSA-mhpg-hpj5-73r2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94he-hr4a-yygs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133284?format=api", "vulnerability_id": "VCID-9jxk-pzre-4kgx", "summary": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.80169", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.80107", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5256" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742" }, { "reference_url": "https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc" }, { "reference_url": "https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5256", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5256" }, { "reference_url": "https://github.com/advisories/GHSA-rjqg-3h9m-fx5x", "reference_id": "GHSA-rjqg-3h9m-fx5x", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjqg-3h9m-fx5x" }, { "reference_url": "https://www.drupal.org/sa-core-2023-006", "reference_id": "sa-core-2023-006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:22:43Z/" } ], "url": "https://www.drupal.org/sa-core-2023-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379707?format=api", "purl": "pkg:composer/drupal/core@9.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/379708?format=api", "purl": "pkg:composer/drupal/core@10.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/379709?format=api", "purl": "pkg:composer/drupal/core@10.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-69xw-x4r1-vqcg" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.4" } ], "aliases": [ "CVE-2023-5256", "GHSA-rjqg-3h9m-fx5x" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jxk-pzre-4kgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/103925?format=api", "vulnerability_id": "VCID-aqce-af3u-myd2", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.55056", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54934", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31674" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31674" }, { "reference_url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q", "reference_id": "GHSA-2qph-q8xw-gv7q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2qph-q8xw-gv7q" }, { "reference_url": "https://www.drupal.org/sa-core-2025-003", "reference_id": "sa-core-2025-003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/" } ], "url": "https://www.drupal.org/sa-core-2025-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376293?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376294?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/376295?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/376296?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-31674", "GHSA-2qph-q8xw-gv7q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqce-af3u-myd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/123307?format=api", "vulnerability_id": "VCID-e5uh-sqmj-qyg7", "summary": "User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14033", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13916", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13082" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082", "reference_id": "CVE-2025-13082", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13082" }, { "reference_url": "https://github.com/advisories/GHSA-h89p-5896-f4q8", "reference_id": "GHSA-h89p-5896-f4q8", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h89p-5896-f4q8" }, { "reference_url": "https://www.drupal.org/sa-core-2025-007", "reference_id": "sa-core-2025-007", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/" } ], "url": "https://www.drupal.org/sa-core-2025-007" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13082", "GHSA-h89p-5896-f4q8" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5uh-sqmj-qyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173496?format=api", "vulnerability_id": "VCID-ed3c-h2ww-j3gm", "summary": "guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76636", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76567", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775" }, { "reference_url": "https://github.com/guzzle/psr7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/psr7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236", "reference_id": "1008236", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236" }, { "reference_url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc", "reference_id": "9a96d9db668b485361ed9de7b5bf1e54895df1dc", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775", "reference_id": "CVE-2022-24775", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml", "reference_id": "CVE-2022-24775.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml" }, { "reference_url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1", "reference_id": "e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1" }, { "reference_url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://www.drupal.org/sa-core-2022-006", "reference_id": "sa-core-2022-006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://www.drupal.org/sa-core-2022-006" }, { "reference_url": "https://usn.ubuntu.com/6670-1/", "reference_id": "USN-6670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392283?format=api", "purl": "pkg:composer/drupal/core@9.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/545275?format=api", "purl": "pkg:composer/drupal/core@9.3.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/392284?format=api", "purl": "pkg:composer/drupal/core@9.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-cdm9-t56e-83aj" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/545278?format=api", "purl": "pkg:composer/drupal/core@10.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1" } ], "aliases": [ "CVE-2022-24775", "GHSA-q7rv-6hp3-vh96" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3c-h2ww-j3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168080?format=api", "vulnerability_id": "VCID-eje5-fhmg-hbbt", "summary": "Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39261", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09505", "scoring_system": "epss", "scoring_elements": "0.93015", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.09505", "scoring_system": "epss", "scoring_elements": "0.93038", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39261" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261" }, { "reference_url": "https://github.com/twigphp/Twig", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/" }, { "reference_url": "https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991", "reference_id": "1020991", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/", "reference_id": "2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/" }, { "reference_url": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b", "reference_id": "35f3035c5deb0041da7b84daf02dea074ddc7a0b", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/", "reference_id": "AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39261", "reference_id": "CVE-2022-39261", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39261" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml", "reference_id": "CVE-2022-39261.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5248", "reference_id": "dsa-5248", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5248" }, { "reference_url": "https://github.com/advisories/GHSA-52m2-vc4m-jj33", "reference_id": "GHSA-52m2-vc4m-jj33", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52m2-vc4m-jj33" }, { "reference_url": "https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33", "reference_id": "GHSA-52m2-vc4m-jj33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/", "reference_id": "NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/" }, { "reference_url": "https://www.drupal.org/sa-core-2022-016", "reference_id": "sa-core-2022-016", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://www.drupal.org/sa-core-2022-016" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/", "reference_id": "TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/" }, { "reference_url": "https://usn.ubuntu.com/5947-1/", "reference_id": "USN-5947-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5947-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/", "reference_id": "WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/", "reference_id": "YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/569022?format=api", "purl": "pkg:composer/drupal/core@9.4.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/590056?format=api", "purl": "pkg:composer/drupal/core@9.5.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1" } ], "aliases": [ "CVE-2022-39261", "GHSA-52m2-vc4m-jj33" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eje5-fhmg-hbbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36951?format=api", "vulnerability_id": "VCID-ggb3-jgrj-hken", "summary": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85844", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85794", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12393" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12393" }, { "reference_url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf", "reference_id": "GHSA-8mvq-8h2v-j9vf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8mvq-8h2v-j9vf" }, { "reference_url": "https://www.drupal.org/sa-core-2024-003", "reference_id": "sa-core-2024-003", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/" } ], "url": "https://www.drupal.org/sa-core-2024-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372348?format=api", "purl": "pkg:composer/drupal/core@11.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8" } ], "aliases": [ "CVE-2024-12393", "GHSA-8mvq-8h2v-j9vf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggb3-jgrj-hken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163547?format=api", "vulnerability_id": "VCID-hdq9-fe9e-93hb", "summary": "In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the \"private\" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69437", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69346", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25275" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf" }, { "reference_url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275", "reference_id": "CVE-2022-25275", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25275" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml", "reference_id": "CVE-2022-25275.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3", "reference_id": "GHSA-xh3v-6f9j-wxw3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh3v-6f9j-wxw3" }, { "reference_url": "https://www.drupal.org/sa-core-2022-012", "reference_id": "sa-core-2022-012", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/" } ], "url": "https://www.drupal.org/sa-core-2022-012" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25669?format=api", "purl": "pkg:composer/drupal/core@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/25671?format=api", "purl": "pkg:composer/drupal/core@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3" } ], "aliases": [ "CVE-2022-25275", "GHSA-xh3v-6f9j-wxw3", "GMS-2022-3362" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdq9-fe9e-93hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163420?format=api", "vulnerability_id": "VCID-nhub-1map-n3by", "summary": "Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02448", "scoring_system": "epss", "scoring_elements": "0.85574", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02448", "scoring_system": "epss", "scoring_elements": "0.85523", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25277" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17" }, { "reference_url": "https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25277", "reference_id": "CVE-2022-25277", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml", "reference_id": "CVE-2022-25277.YAML", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6955-67hm-vjjq", "reference_id": "GHSA-6955-67hm-vjjq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6955-67hm-vjjq" }, { "reference_url": "https://www.drupal.org/sa-core-2022-014", "reference_id": "sa-core-2022-014", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/" } ], "url": "https://www.drupal.org/sa-core-2022-014" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25669?format=api", "purl": "pkg:composer/drupal/core@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/25671?format=api", "purl": "pkg:composer/drupal/core@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3" } ], "aliases": [ "CVE-2022-25277", "GHSA-6955-67hm-vjjq", "GMS-2022-3361" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhub-1map-n3by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/122738?format=api", "vulnerability_id": "VCID-nx17-duan-vyak", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33095", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33277", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13081" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081", "reference_id": "CVE-2025-13081", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13081" }, { "reference_url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7", "reference_id": "GHSA-m6vv-vcj8-w8m7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vv-vcj8-w8m7" }, { "reference_url": "https://www.drupal.org/sa-core-2025-006", "reference_id": "sa-core-2025-006", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "4.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/" } ], "url": "https://www.drupal.org/sa-core-2025-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35316?format=api", "purl": "pkg:composer/drupal/core@10.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35312?format=api", "purl": "pkg:composer/drupal/core@10.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35315?format=api", "purl": "pkg:composer/drupal/core@11.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35314?format=api", "purl": "pkg:composer/drupal/core@11.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8" } ], "aliases": [ "CVE-2025-13081", "GHSA-m6vv-vcj8-w8m7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx17-duan-vyak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127275?format=api", "vulnerability_id": "VCID-rf34-12k7-xbh4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61505", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61608", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3057" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3057" }, { "reference_url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm", "reference_id": "GHSA-39g6-x4x8-5jcm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-39g6-x4x8-5jcm" }, { "reference_url": "https://www.drupal.org/sa-core-2025-001", "reference_id": "sa-core-2025-001", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/" } ], "url": "https://www.drupal.org/sa-core-2025-001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376293?format=api", "purl": "pkg:composer/drupal/core@10.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376294?format=api", "purl": "pkg:composer/drupal/core@10.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/376295?format=api", "purl": "pkg:composer/drupal/core@11.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/376296?format=api", "purl": "pkg:composer/drupal/core@11.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3" } ], "aliases": [ "CVE-2025-3057", "GHSA-39g6-x4x8-5jcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf34-12k7-xbh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/104187?format=api", "vulnerability_id": "VCID-tdsq-5bqr-aufq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34076", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.339", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31675" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31675" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675", "reference_id": "cve-2025-31675", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675" }, { "reference_url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp", "reference_id": "GHSA-m4wj-hhwj-47qp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4wj-hhwj-47qp" }, { "reference_url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004", "reference_id": "link-moderately-critical-cross-site-scripting-sa-core-2025-004", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004" }, { "reference_url": "https://www.drupal.org/sa-core-2025-004", "reference_id": "sa-core-2025-004", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/" } ], "url": "https://www.drupal.org/sa-core-2025-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376507?format=api", "purl": "pkg:composer/drupal/core@10.3.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/376508?format=api", "purl": "pkg:composer/drupal/core@10.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/376509?format=api", "purl": "pkg:composer/drupal/core@11.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/376510?format=api", "purl": "pkg:composer/drupal/core@11.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5" } ], "aliases": [ "CVE-2025-31675", "GHSA-m4wj-hhwj-47qp" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdsq-5bqr-aufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211699?format=api", "vulnerability_id": "VCID-vpn8-qteh-9yhz", "summary": "Drupal core Denial of Service vulnerability", "references": [ { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff" }, { "reference_url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw", "reference_id": "GHSA-6ccv-8fgf-cjpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6ccv-8fgf-cjpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28895?format=api", "purl": "pkg:composer/drupal/core@10.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/28897?format=api", "purl": "pkg:composer/drupal/core@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rdfc-4t9e-bqed" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2" } ], "aliases": [ "GHSA-6ccv-8fgf-cjpw", "GMS-2024-214" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpn8-qteh-9yhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163388?format=api", "vulnerability_id": "VCID-wn4r-rc6m-xbhy", "summary": "Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65604", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65504", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25278" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25278", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25278" }, { "reference_url": "https://github.com/advisories/GHSA-cfh2-7f6h-3m85", "reference_id": "GHSA-cfh2-7f6h-3m85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfh2-7f6h-3m85" }, { "reference_url": "https://www.drupal.org/sa-core-2022-013", "reference_id": "sa-core-2022-013", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/" } ], "url": "https://www.drupal.org/sa-core-2022-013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25669?format=api", "purl": "pkg:composer/drupal/core@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/25671?format=api", "purl": "pkg:composer/drupal/core@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3" } ], "aliases": [ "CVE-2022-25278", "GHSA-cfh2-7f6h-3m85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wn4r-rc6m-xbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59644?format=api", "vulnerability_id": "VCID-xrzg-mcnq-vqdb", "summary": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.\n\nDrupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09932", "scoring_system": "epss", "scoring_elements": "0.93191", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.09932", "scoring_system": "epss", "scoring_elements": "0.93214", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55638" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55638" }, { "reference_url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4", "reference_id": "GHSA-gvf2-2f4g-jqf4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gvf2-2f4g-jqf4" }, { "reference_url": "https://www.drupal.org/sa-core-2024-008", "reference_id": "sa-core-2024-008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/" } ], "url": "https://www.drupal.org/sa-core-2024-008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372337?format=api", "purl": "pkg:composer/drupal/core@10.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/372338?format=api", "purl": "pkg:composer/drupal/core@10.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9" } ], "aliases": [ "CVE-2024-55638", "GHSA-gvf2-2f4g-jqf4" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrzg-mcnq-vqdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163574?format=api", "vulnerability_id": "VCID-zxut-nxke-7fce", "summary": "Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65115", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.65015", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25273" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25273", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25273" }, { "reference_url": "https://github.com/advisories/GHSA-g36h-4jr6-qmm9", "reference_id": "GHSA-g36h-4jr6-qmm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g36h-4jr6-qmm9" }, { "reference_url": "https://www.drupal.org/sa-core-2022-008", "reference_id": "sa-core-2022-008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/" } ], "url": "https://www.drupal.org/sa-core-2022-008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379399?format=api", "purl": "pkg:composer/drupal/core@9.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/379383?format=api", "purl": "pkg:composer/drupal/core@9.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-91kw-xn5d-pbbe" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12" } ], "aliases": [ "CVE-2022-25273", "GHSA-g36h-4jr6-qmm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxut-nxke-7fce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349116?format=api", "vulnerability_id": "VCID-zymc-a812-1ua5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83322", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83383", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25276" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25276", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25276" }, { "reference_url": "https://www.drupal.org/sa-core-2022-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-015" }, { "reference_url": "https://github.com/advisories/GHSA-4wfq-jc9h-vpcx", "reference_id": "GHSA-4wfq-jc9h-vpcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4wfq-jc9h-vpcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25669?format=api", "purl": "pkg:composer/drupal/core@9.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/25671?format=api", "purl": "pkg:composer/drupal/core@9.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3" } ], "aliases": [ "CVE-2022-25276", "GHSA-4wfq-jc9h-vpcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zymc-a812-1ua5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196859?format=api", "vulnerability_id": "VCID-qvsn-ab7h-cqc5", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68661", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68571", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13672" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://www.drupal.org/sa-core-2021-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-002" }, { "reference_url": "https://security.archlinux.org/AVG-1463", "reference_id": "AVG-1463", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1463" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672", "reference_id": "CVE-2020-13672", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13672" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml", "reference_id": "CVE-2020-13672.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3m36-mjwj-352c", "reference_id": "GHSA-3m36-mjwj-352c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m36-mjwj-352c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19343?format=api", "purl": "pkg:composer/drupal/core@7.80.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.80.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19354?format=api", "purl": "pkg:composer/drupal/core@8.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-57k5-xdsf-h3ch" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-k48k-jdda-zqbh" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-v7ya-c9mf-e7dp" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-w5a9-jg34-3ubx" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-xsma-2ryf-zqd4" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/19352?format=api", "purl": "pkg:composer/drupal/core@9.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/19347?format=api", "purl": "pkg:composer/drupal/core@9.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1d2m-3ycf-3ycf" }, { "vulnerability": "VCID-1w42-v1sq-fkac" }, { "vulnerability": "VCID-227y-mp79-jydd" }, { "vulnerability": "VCID-26ck-rher-hfg4" }, { "vulnerability": "VCID-4sqe-bvj6-pkdq" }, { "vulnerability": "VCID-57k5-xdsf-h3ch" }, { "vulnerability": "VCID-7669-dguj-2qfd" }, { "vulnerability": "VCID-7sar-42a4-kqdy" }, { "vulnerability": "VCID-94he-hr4a-yygs" }, { "vulnerability": "VCID-9jxk-pzre-4kgx" }, { "vulnerability": "VCID-aqce-af3u-myd2" }, { "vulnerability": "VCID-e5uh-sqmj-qyg7" }, { "vulnerability": "VCID-ed3c-h2ww-j3gm" }, { "vulnerability": "VCID-eje5-fhmg-hbbt" }, { "vulnerability": "VCID-ggb3-jgrj-hken" }, { "vulnerability": "VCID-hdq9-fe9e-93hb" }, { "vulnerability": "VCID-k48k-jdda-zqbh" }, { "vulnerability": "VCID-nhub-1map-n3by" }, { "vulnerability": "VCID-nx17-duan-vyak" }, { "vulnerability": "VCID-rf34-12k7-xbh4" }, { "vulnerability": "VCID-tdsq-5bqr-aufq" }, { "vulnerability": "VCID-v7ya-c9mf-e7dp" }, { "vulnerability": "VCID-vpn8-qteh-9yhz" }, { "vulnerability": "VCID-w5a9-jg34-3ubx" }, { "vulnerability": "VCID-wn4r-rc6m-xbhy" }, { "vulnerability": "VCID-xrzg-mcnq-vqdb" }, { "vulnerability": "VCID-xsma-2ryf-zqd4" }, { "vulnerability": "VCID-zxut-nxke-7fce" }, { "vulnerability": "VCID-zymc-a812-1ua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7" } ], "aliases": [ "CVE-2020-13672", "GHSA-3m36-mjwj-352c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvsn-ab7h-cqc5" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12" }