Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@8.2.4
Typecomposer
Namespacedrupal
Namecore
Version8.2.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.9.19
Latest_non_vulnerable_version11.3.7
Affected_by_vulnerabilities
0
url VCID-2989-fmjz-nkby
vulnerability_id VCID-2989-fmjz-nkby
summary 
Missing Authorization
When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6923
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.72021
published_at 2026-06-05T12:55:00Z
1
value 0.0068
scoring_system epss
scoring_elements 0.71981
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6923
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6923.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6923.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6923.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6923.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6923
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6923
4
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
5
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-004
6
reference_url http://www.securityfocus.com/bid/100368
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100368
7
reference_url http://www.securitytracker.com/id/1039200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039200
8
reference_url https://github.com/advisories/GHSA-v3f6-f29f-rgvp
reference_id GHSA-v3f6-f29f-rgvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v3f6-f29f-rgvp
fixed_packages
0
url pkg:composer/drupal/core@8.3.0
purl pkg:composer/drupal/core@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-4pg6-hqge-wkcb
5
vulnerability VCID-5jy9-mhbb-nuh7
6
vulnerability VCID-6c6t-kmb3-2qcm
7
vulnerability VCID-7bq1-m8df-k3ba
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-ah3h-t9qa-gudr
10
vulnerability VCID-avmn-kqky-83dd
11
vulnerability VCID-dav9-pgdh-8yey
12
vulnerability VCID-e12q-qavs-qybu
13
vulnerability VCID-e8un-nbkk-cbf9
14
vulnerability VCID-es39-uyu2-myap
15
vulnerability VCID-jrhg-3271-tqdy
16
vulnerability VCID-ks17-b29e-73au
17
vulnerability VCID-myja-t33q-q3cv
18
vulnerability VCID-nacy-y1qt-5yhb
19
vulnerability VCID-pgnc-fq4m-3kaz
20
vulnerability VCID-qsuc-53pg-zkda
21
vulnerability VCID-t5ya-jzjf-ckh6
22
vulnerability VCID-tbhc-6qre-7kc5
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-w4ks-ufnz-vfav
25
vulnerability VCID-wsv7-je8g-sqet
26
vulnerability VCID-wszp-2es5-z7fy
27
vulnerability VCID-x34m-u169-1bce
28
vulnerability VCID-y1nb-prqc-suaj
29
vulnerability VCID-y5mz-1wsc-w3g7
30
vulnerability VCID-yygb-pp11-5udj
31
vulnerability VCID-zpeb-7dhc-9kcx
32
vulnerability VCID-zqer-y4s4-hqhy
33
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.0
1
url pkg:composer/drupal/core@8.3.7
purl pkg:composer/drupal/core@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7bq1-m8df-k3ba
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-avmn-kqky-83dd
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-e12q-qavs-qybu
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-es39-uyu2-myap
13
vulnerability VCID-jrhg-3271-tqdy
14
vulnerability VCID-myja-t33q-q3cv
15
vulnerability VCID-nacy-y1qt-5yhb
16
vulnerability VCID-pgnc-fq4m-3kaz
17
vulnerability VCID-qsuc-53pg-zkda
18
vulnerability VCID-t5ya-jzjf-ckh6
19
vulnerability VCID-tbhc-6qre-7kc5
20
vulnerability VCID-tpzm-u3qp-akc8
21
vulnerability VCID-w4ks-ufnz-vfav
22
vulnerability VCID-wsv7-je8g-sqet
23
vulnerability VCID-wszp-2es5-z7fy
24
vulnerability VCID-x34m-u169-1bce
25
vulnerability VCID-y1nb-prqc-suaj
26
vulnerability VCID-yygb-pp11-5udj
27
vulnerability VCID-zqer-y4s4-hqhy
28
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.7
aliases CVE-2017-6923, GHSA-v3f6-f29f-rgvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2989-fmjz-nkby
1
url VCID-2fas-m6vh-myhc
vulnerability_id VCID-2fas-m6vh-myhc
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41744
published_at 2026-06-04T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.4182
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
3
reference_url https://www.drupal.org/sa-core-2021-010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-010
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
reference_id CVE-2020-13677
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
6
reference_url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
reference_id GHSA-3xr3-phjp-g6p2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13677, GHSA-3xr3-phjp-g6p2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fas-m6vh-myhc
2
url VCID-2t34-82p3-73c3
vulnerability_id VCID-2t34-82p3-73c3
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52072
published_at 2026-06-04T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.52133
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
3
reference_url https://www.drupal.org/sa-core-2021-009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-009
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
reference_id CVE-2020-13676
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
6
reference_url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
reference_id GHSA-qfhg-m6r8-xxpj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13676, GHSA-qfhg-m6r8-xxpj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2t34-82p3-73c3
3
url VCID-31qy-vagp-83b6
vulnerability_id VCID-31qy-vagp-83b6
summary 
Exposure of Resource to Wrong Sphere
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62662
published_at 2026-06-04T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62706
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
3
reference_url https://www.drupal.org/sa-core-2020-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-011
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
reference_id CVE-2020-13670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
7
reference_url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
reference_id GHSA-mmjr-5q74-p3m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-9dfs-rpqy-6kfa
5
vulnerability VCID-dav9-pgdh-8yey
6
vulnerability VCID-tpzm-u3qp-akc8
7
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-67da-qxh5-aydx
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-9dfs-rpqy-6kfa
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-tpzm-u3qp-akc8
8
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jy9-mhbb-nuh7
1
vulnerability VCID-67da-qxh5-aydx
2
vulnerability VCID-9dfs-rpqy-6kfa
3
vulnerability VCID-tpzm-u3qp-akc8
4
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13670, GHSA-mmjr-5q74-p3m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31qy-vagp-83b6
4
url VCID-4dpp-gg2v-q3et
vulnerability_id VCID-4dpp-gg2v-q3et
summary 
Cross-site Scripting
XSS vulnerabiltiy in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-003
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-003
fixed_packages
0
url pkg:composer/drupal/core@8.4.7
purl pkg:composer/drupal/core@8.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-avmn-kqky-83dd
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-e12q-qavs-qybu
9
vulnerability VCID-e8un-nbkk-cbf9
10
vulnerability VCID-jrhg-3271-tqdy
11
vulnerability VCID-myja-t33q-q3cv
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-pgnc-fq4m-3kaz
14
vulnerability VCID-qsuc-53pg-zkda
15
vulnerability VCID-tpzm-u3qp-akc8
16
vulnerability VCID-wsv7-je8g-sqet
17
vulnerability VCID-wszp-2es5-z7fy
18
vulnerability VCID-x34m-u169-1bce
19
vulnerability VCID-yygb-pp11-5udj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.7
1
url pkg:composer/drupal/core@8.5.0-alpha1
purl pkg:composer/drupal/core@8.5.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-avmn-kqky-83dd
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-e12q-qavs-qybu
9
vulnerability VCID-e8un-nbkk-cbf9
10
vulnerability VCID-jrhg-3271-tqdy
11
vulnerability VCID-myja-t33q-q3cv
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-pgnc-fq4m-3kaz
14
vulnerability VCID-qsuc-53pg-zkda
15
vulnerability VCID-tpzm-u3qp-akc8
16
vulnerability VCID-wsv7-je8g-sqet
17
vulnerability VCID-wszp-2es5-z7fy
18
vulnerability VCID-x34m-u169-1bce
19
vulnerability VCID-yygb-pp11-5udj
20
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.0-alpha1
2
url pkg:composer/drupal/core@8.5.2
purl pkg:composer/drupal/core@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-jrhg-3271-tqdy
13
vulnerability VCID-myja-t33q-q3cv
14
vulnerability VCID-nacy-y1qt-5yhb
15
vulnerability VCID-pgnc-fq4m-3kaz
16
vulnerability VCID-qsuc-53pg-zkda
17
vulnerability VCID-tpzm-u3qp-akc8
18
vulnerability VCID-wsv7-je8g-sqet
19
vulnerability VCID-wszp-2es5-z7fy
20
vulnerability VCID-x34m-u169-1bce
21
vulnerability VCID-yygb-pp11-5udj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2
aliases GMS-2018-51
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dpp-gg2v-q3et
5
url VCID-4pg6-hqge-wkcb
vulnerability_id VCID-4pg6-hqge-wkcb
summary 
File REST resource does not properly validate
The file REST resource does not properly validate some fields when manipulating files. the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6921
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63541
published_at 2026-06-04T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63584
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6921
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6921
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6921
5
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
6
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
7
reference_url http://www.securityfocus.com/bid/99222
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99222
8
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
9
reference_url https://github.com/advisories/GHSA-h377-287m-w2r9
reference_id GHSA-h377-287m-w2r9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h377-287m-w2r9
fixed_packages
0
url pkg:composer/drupal/core@8.3.4
purl pkg:composer/drupal/core@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7bq1-m8df-k3ba
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-ah3h-t9qa-gudr
9
vulnerability VCID-avmn-kqky-83dd
10
vulnerability VCID-dav9-pgdh-8yey
11
vulnerability VCID-e12q-qavs-qybu
12
vulnerability VCID-e8un-nbkk-cbf9
13
vulnerability VCID-es39-uyu2-myap
14
vulnerability VCID-jrhg-3271-tqdy
15
vulnerability VCID-myja-t33q-q3cv
16
vulnerability VCID-nacy-y1qt-5yhb
17
vulnerability VCID-pgnc-fq4m-3kaz
18
vulnerability VCID-qsuc-53pg-zkda
19
vulnerability VCID-t5ya-jzjf-ckh6
20
vulnerability VCID-tbhc-6qre-7kc5
21
vulnerability VCID-tpzm-u3qp-akc8
22
vulnerability VCID-w4ks-ufnz-vfav
23
vulnerability VCID-wsv7-je8g-sqet
24
vulnerability VCID-wszp-2es5-z7fy
25
vulnerability VCID-x34m-u169-1bce
26
vulnerability VCID-y1nb-prqc-suaj
27
vulnerability VCID-yygb-pp11-5udj
28
vulnerability VCID-zqer-y4s4-hqhy
29
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.4
aliases CVE-2017-6921, GHSA-h377-287m-w2r9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pg6-hqge-wkcb
6
url VCID-5jy9-mhbb-nuh7
vulnerability_id VCID-5jy9-mhbb-nuh7
summary 
Deserialization of Untrusted Data
Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
reference_id
reference_type
scores
0
value 0.76873
scoring_system epss
scoring_elements 0.98976
published_at 2026-06-05T12:55:00Z
1
value 0.76873
scoring_system epss
scoring_elements 0.98975
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
6
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/33
7
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
14
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-23
15
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4817
16
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id 1904001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
reference_id CVE-2020-28948
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
20
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
21
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
22
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
23
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
24
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
25
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-dav9-pgdh-8yey
5
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
1
url pkg:composer/drupal/core@9.0.0-alpha1
purl pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-67da-qxh5-aydx
1
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
3
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jy9-mhbb-nuh7
7
url VCID-6c6t-kmb3-2qcm
vulnerability_id VCID-6c6t-kmb3-2qcm
summary 
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.58063
published_at 2026-06-04T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.58114
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
13
reference_url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
14
reference_url https://www.drupal.org/sa-core-2019-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-005
15
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
17
reference_url https://symfony.com/cve-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10909
18
reference_url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
reference_id CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
19
reference_url https://github.com/advisories/GHSA-g996-q5r8-w7g2
reference_id GHSA-g996-q5r8-w7g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g996-q5r8-w7g2
fixed_packages
0
url pkg:composer/drupal/core@8.5.15
purl pkg:composer/drupal/core@8.5.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-avmn-kqky-83dd
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-nacy-y1qt-5yhb
8
vulnerability VCID-tpzm-u3qp-akc8
9
vulnerability VCID-wsv7-je8g-sqet
10
vulnerability VCID-wszp-2es5-z7fy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.15
1
url pkg:composer/drupal/core@8.6.15
purl pkg:composer/drupal/core@8.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-avmn-kqky-83dd
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-nacy-y1qt-5yhb
8
vulnerability VCID-tpzm-u3qp-akc8
9
vulnerability VCID-wsv7-je8g-sqet
10
vulnerability VCID-wszp-2es5-z7fy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15
aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6t-kmb3-2qcm
8
url VCID-7bq1-m8df-k3ba
vulnerability_id VCID-7bq1-m8df-k3ba
summary 
Language fallback can be incorrect on multilingual sites with node access restrictions
When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records(). Note that the update will mark the node access tables as needing a rebuild, which will take a long time on sites with a large number of nodes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6930
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62509
published_at 2026-06-04T12:55:00Z
1
value 0.00424
scoring_system epss
scoring_elements 0.62554
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6930
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6930
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6930
5
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
6
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
7
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7v89-2sss-hfaz
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e8un-nbkk-cbf9
11
vulnerability VCID-jrhg-3271-tqdy
12
vulnerability VCID-myja-t33q-q3cv
13
vulnerability VCID-nacy-y1qt-5yhb
14
vulnerability VCID-pgnc-fq4m-3kaz
15
vulnerability VCID-qsuc-53pg-zkda
16
vulnerability VCID-tpzm-u3qp-akc8
17
vulnerability VCID-wsv7-je8g-sqet
18
vulnerability VCID-wszp-2es5-z7fy
19
vulnerability VCID-x34m-u169-1bce
20
vulnerability VCID-y1nb-prqc-suaj
21
vulnerability VCID-yygb-pp11-5udj
22
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6930, GHSA-3327-jr93-7hq3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bq1-m8df-k3ba
9
url VCID-7v89-2sss-hfaz
vulnerability_id VCID-7v89-2sss-hfaz
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.3383
published_at 2026-06-04T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33934
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
3
reference_url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
4
reference_url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
5
reference_url https://www.drupal.org/sa-core-2021-007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-007
6
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
reference_id CVE-2020-13674
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
8
reference_url https://github.com/advisories/GHSA-j586-cj67-vg4p
reference_id GHSA-j586-cj67-vg4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j586-cj67-vg4p
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13674, GHSA-j586-cj67-vg4p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v89-2sss-hfaz
10
url VCID-ah3h-t9qa-gudr
vulnerability_id VCID-ah3h-t9qa-gudr
summary 
Entity Access Bypass
In versions of Drupal 8 core ; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6925
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70317
published_at 2026-06-04T12:55:00Z
1
value 0.00617
scoring_system epss
scoring_elements 0.70358
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6925
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6925.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6925.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6925.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6925.yaml
4
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
5
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-004
6
reference_url http://www.securityfocus.com/bid/100368
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100368
7
reference_url http://www.securitytracker.com/id/1039200
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039200
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6925
reference_id CVE-2017-6925
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6925
fixed_packages
0
url pkg:composer/drupal/core@8.3.7
purl pkg:composer/drupal/core@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7bq1-m8df-k3ba
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-avmn-kqky-83dd
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-e12q-qavs-qybu
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-es39-uyu2-myap
13
vulnerability VCID-jrhg-3271-tqdy
14
vulnerability VCID-myja-t33q-q3cv
15
vulnerability VCID-nacy-y1qt-5yhb
16
vulnerability VCID-pgnc-fq4m-3kaz
17
vulnerability VCID-qsuc-53pg-zkda
18
vulnerability VCID-t5ya-jzjf-ckh6
19
vulnerability VCID-tbhc-6qre-7kc5
20
vulnerability VCID-tpzm-u3qp-akc8
21
vulnerability VCID-w4ks-ufnz-vfav
22
vulnerability VCID-wsv7-je8g-sqet
23
vulnerability VCID-wszp-2es5-z7fy
24
vulnerability VCID-x34m-u169-1bce
25
vulnerability VCID-y1nb-prqc-suaj
26
vulnerability VCID-yygb-pp11-5udj
27
vulnerability VCID-zqer-y4s4-hqhy
28
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.7
aliases CVE-2017-6925, GHSA-f4qx-jqfq-7785
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ah3h-t9qa-gudr
11
url VCID-avmn-kqky-83dd
vulnerability_id VCID-avmn-kqky-83dd
summary 
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42349
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42424
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-010
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
reference_id CVE-2020-13669
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
6
reference_url https://github.com/advisories/GHSA-c533-c843-67h8
reference_id GHSA-c533-c843-67h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c533-c843-67h8
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-9dfs-rpqy-6kfa
5
vulnerability VCID-dav9-pgdh-8yey
6
vulnerability VCID-tpzm-u3qp-akc8
7
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-67da-qxh5-aydx
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-9dfs-rpqy-6kfa
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-tpzm-u3qp-akc8
8
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jy9-mhbb-nuh7
1
vulnerability VCID-67da-qxh5-aydx
2
vulnerability VCID-9dfs-rpqy-6kfa
3
vulnerability VCID-tpzm-u3qp-akc8
4
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13669, GHSA-c533-c843-67h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avmn-kqky-83dd
12
url VCID-dav9-pgdh-8yey
vulnerability_id VCID-dav9-pgdh-8yey
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
reference_id
reference_type
scores
0
value 0.00797
scoring_system epss
scoring_elements 0.74383
published_at 2026-06-05T12:55:00Z
1
value 0.00797
scoring_system epss
scoring_elements 0.7435
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-008
3
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
reference_id CVE-2020-13675
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
5
reference_url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
reference_id GHSA-v8wr-r69p-mmwx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13675, GHSA-v8wr-r69p-mmwx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dav9-pgdh-8yey
13
url VCID-e12q-qavs-qybu
vulnerability_id VCID-e12q-qavs-qybu
summary Cross-site Scripting vulnerability in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2019-004
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2019-004
fixed_packages
0
url pkg:composer/drupal/core@8.6.12
purl pkg:composer/drupal/core@8.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e69p-v2ws-vufj
10
vulnerability VCID-nacy-y1qt-5yhb
11
vulnerability VCID-tpzm-u3qp-akc8
12
vulnerability VCID-wsv7-je8g-sqet
13
vulnerability VCID-wszp-2es5-z7fy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.12
aliases GMS-2019-147
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12q-qavs-qybu
14
url VCID-e8un-nbkk-cbf9
vulnerability_id VCID-e8un-nbkk-cbf9
summary 
Deserialization of Untrusted Data
Drupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6338
reference_id
reference_type
scores
0
value 0.01047
scoring_system epss
scoring_elements 0.77876
published_at 2026-06-05T12:55:00Z
1
value 0.01047
scoring_system epss
scoring_elements 0.77849
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6338
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6338
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6338
6
reference_url https://www.debian.org/security/2019/dsa-4370
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4370
7
reference_url https://www.drupal.org/sa-core-2019-001
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-001
8
reference_url http://www.securityfocus.com/bid/106706
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106706
9
reference_url https://github.com/advisories/GHSA-6rmq-x2hv-vxpp
reference_id GHSA-6rmq-x2hv-vxpp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6rmq-x2hv-vxpp
fixed_packages
0
url pkg:composer/drupal/core@8.6.6
purl pkg:composer/drupal/core@8.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-nacy-y1qt-5yhb
12
vulnerability VCID-tpzm-u3qp-akc8
13
vulnerability VCID-wsv7-je8g-sqet
14
vulnerability VCID-wszp-2es5-z7fy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6
aliases CVE-2019-6338, GHSA-6rmq-x2hv-vxpp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8un-nbkk-cbf9
15
url VCID-es39-uyu2-myap
vulnerability_id VCID-es39-uyu2-myap
summary 
JavaScript cross-site scripting prevention is incomplete
Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6927
reference_id
reference_type
scores
0
value 0.0139
scoring_system epss
scoring_elements 0.80691
published_at 2026-06-04T12:55:00Z
1
value 0.0139
scoring_system epss
scoring_elements 0.80718
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6927
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
5
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6927
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6927
10
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4123
11
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
12
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
13
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927
14
reference_url http://www.securityfocus.com/bid/103138
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103138
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7v89-2sss-hfaz
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e8un-nbkk-cbf9
11
vulnerability VCID-jrhg-3271-tqdy
12
vulnerability VCID-myja-t33q-q3cv
13
vulnerability VCID-nacy-y1qt-5yhb
14
vulnerability VCID-pgnc-fq4m-3kaz
15
vulnerability VCID-qsuc-53pg-zkda
16
vulnerability VCID-tpzm-u3qp-akc8
17
vulnerability VCID-wsv7-je8g-sqet
18
vulnerability VCID-wszp-2es5-z7fy
19
vulnerability VCID-x34m-u169-1bce
20
vulnerability VCID-y1nb-prqc-suaj
21
vulnerability VCID-yygb-pp11-5udj
22
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6927, GHSA-585j-5449-mf5m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-es39-uyu2-myap
16
url VCID-jrhg-3271-tqdy
vulnerability_id VCID-jrhg-3271-tqdy
summary 
Improper Access Control
In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-tpzm-u3qp-akc8
14
vulnerability VCID-wsv7-je8g-sqet
15
vulnerability VCID-wszp-2es5-z7fy
16
vulnerability VCID-x34m-u169-1bce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-56
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrhg-3271-tqdy
17
url VCID-ks17-b29e-73au
vulnerability_id VCID-ks17-b29e-73au
summary 
Access Bypass
This is a critical access bypass vulnerability in Drupal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6919
reference_id
reference_type
scores
0
value 0.00598
scoring_system epss
scoring_elements 0.69814
published_at 2026-06-05T12:55:00Z
1
value 0.00598
scoring_system epss
scoring_elements 0.69775
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6919
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6919.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6919.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6919.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6919.yaml
4
reference_url https://groups.drupal.org/node/516645
reference_id
reference_type
scores
url https://groups.drupal.org/node/516645
5
reference_url https://www.drupal.org/SA-2017-002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-002
6
reference_url https://www.drupal.org/SA-CORE-2017-002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-002
7
reference_url http://www.securityfocus.com/bid/97941
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/97941
8
reference_url http://www.securitytracker.com/id/1038371
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038371
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6919
reference_id CVE-2017-6919
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6919
fixed_packages
0
url pkg:composer/drupal/core@8.2.8
purl pkg:composer/drupal/core@8.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-4dpp-gg2v-q3et
5
vulnerability VCID-4pg6-hqge-wkcb
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6c6t-kmb3-2qcm
8
vulnerability VCID-7bq1-m8df-k3ba
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-ah3h-t9qa-gudr
11
vulnerability VCID-avmn-kqky-83dd
12
vulnerability VCID-dav9-pgdh-8yey
13
vulnerability VCID-e12q-qavs-qybu
14
vulnerability VCID-e8un-nbkk-cbf9
15
vulnerability VCID-es39-uyu2-myap
16
vulnerability VCID-jrhg-3271-tqdy
17
vulnerability VCID-mm13-6dhq-nqfb
18
vulnerability VCID-myja-t33q-q3cv
19
vulnerability VCID-nacy-y1qt-5yhb
20
vulnerability VCID-pgnc-fq4m-3kaz
21
vulnerability VCID-qsuc-53pg-zkda
22
vulnerability VCID-t5ya-jzjf-ckh6
23
vulnerability VCID-tbhc-6qre-7kc5
24
vulnerability VCID-tpzm-u3qp-akc8
25
vulnerability VCID-w4ks-ufnz-vfav
26
vulnerability VCID-wsv7-je8g-sqet
27
vulnerability VCID-wszp-2es5-z7fy
28
vulnerability VCID-x34m-u169-1bce
29
vulnerability VCID-y1nb-prqc-suaj
30
vulnerability VCID-y5mz-1wsc-w3g7
31
vulnerability VCID-yygb-pp11-5udj
32
vulnerability VCID-zpeb-7dhc-9kcx
33
vulnerability VCID-zqer-y4s4-hqhy
34
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.8
1
url pkg:composer/drupal/core@8.3.1
purl pkg:composer/drupal/core@8.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-4pg6-hqge-wkcb
5
vulnerability VCID-5jy9-mhbb-nuh7
6
vulnerability VCID-6c6t-kmb3-2qcm
7
vulnerability VCID-7bq1-m8df-k3ba
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-ah3h-t9qa-gudr
10
vulnerability VCID-avmn-kqky-83dd
11
vulnerability VCID-dav9-pgdh-8yey
12
vulnerability VCID-e12q-qavs-qybu
13
vulnerability VCID-e8un-nbkk-cbf9
14
vulnerability VCID-es39-uyu2-myap
15
vulnerability VCID-jrhg-3271-tqdy
16
vulnerability VCID-myja-t33q-q3cv
17
vulnerability VCID-nacy-y1qt-5yhb
18
vulnerability VCID-pgnc-fq4m-3kaz
19
vulnerability VCID-qsuc-53pg-zkda
20
vulnerability VCID-t5ya-jzjf-ckh6
21
vulnerability VCID-tbhc-6qre-7kc5
22
vulnerability VCID-tpzm-u3qp-akc8
23
vulnerability VCID-w4ks-ufnz-vfav
24
vulnerability VCID-wsv7-je8g-sqet
25
vulnerability VCID-wszp-2es5-z7fy
26
vulnerability VCID-x34m-u169-1bce
27
vulnerability VCID-y1nb-prqc-suaj
28
vulnerability VCID-y5mz-1wsc-w3g7
29
vulnerability VCID-yygb-pp11-5udj
30
vulnerability VCID-zpeb-7dhc-9kcx
31
vulnerability VCID-zqer-y4s4-hqhy
32
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.1
aliases CVE-2017-6919, GHSA-6hpj-9xj7-2jxx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ks17-b29e-73au
18
url VCID-mm13-6dhq-nqfb
vulnerability_id VCID-mm13-6dhq-nqfb
summary 
Improper Privilege Management
When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6924
reference_id
reference_type
scores
0
value 0.00464
scoring_system epss
scoring_elements 0.64721
published_at 2026-06-05T12:55:00Z
1
value 0.00464
scoring_system epss
scoring_elements 0.6468
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6924
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6924.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6924.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6924.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6924.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6924
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6924
5
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
6
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-004
7
reference_url http://www.securityfocus.com/bid/100368
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100368
8
reference_url http://www.securitytracker.com/id/1039200
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039200
9
reference_url https://github.com/advisories/GHSA-p8g6-5mg7-9r5q
reference_id GHSA-p8g6-5mg7-9r5q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8g6-5mg7-9r5q
fixed_packages
0
url pkg:composer/drupal/core@8.3.0
purl pkg:composer/drupal/core@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-4pg6-hqge-wkcb
5
vulnerability VCID-5jy9-mhbb-nuh7
6
vulnerability VCID-6c6t-kmb3-2qcm
7
vulnerability VCID-7bq1-m8df-k3ba
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-ah3h-t9qa-gudr
10
vulnerability VCID-avmn-kqky-83dd
11
vulnerability VCID-dav9-pgdh-8yey
12
vulnerability VCID-e12q-qavs-qybu
13
vulnerability VCID-e8un-nbkk-cbf9
14
vulnerability VCID-es39-uyu2-myap
15
vulnerability VCID-jrhg-3271-tqdy
16
vulnerability VCID-ks17-b29e-73au
17
vulnerability VCID-myja-t33q-q3cv
18
vulnerability VCID-nacy-y1qt-5yhb
19
vulnerability VCID-pgnc-fq4m-3kaz
20
vulnerability VCID-qsuc-53pg-zkda
21
vulnerability VCID-t5ya-jzjf-ckh6
22
vulnerability VCID-tbhc-6qre-7kc5
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-w4ks-ufnz-vfav
25
vulnerability VCID-wsv7-je8g-sqet
26
vulnerability VCID-wszp-2es5-z7fy
27
vulnerability VCID-x34m-u169-1bce
28
vulnerability VCID-y1nb-prqc-suaj
29
vulnerability VCID-y5mz-1wsc-w3g7
30
vulnerability VCID-yygb-pp11-5udj
31
vulnerability VCID-zpeb-7dhc-9kcx
32
vulnerability VCID-zqer-y4s4-hqhy
33
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.0
1
url pkg:composer/drupal/core@8.3.7
purl pkg:composer/drupal/core@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7bq1-m8df-k3ba
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-avmn-kqky-83dd
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-e12q-qavs-qybu
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-es39-uyu2-myap
13
vulnerability VCID-jrhg-3271-tqdy
14
vulnerability VCID-myja-t33q-q3cv
15
vulnerability VCID-nacy-y1qt-5yhb
16
vulnerability VCID-pgnc-fq4m-3kaz
17
vulnerability VCID-qsuc-53pg-zkda
18
vulnerability VCID-t5ya-jzjf-ckh6
19
vulnerability VCID-tbhc-6qre-7kc5
20
vulnerability VCID-tpzm-u3qp-akc8
21
vulnerability VCID-w4ks-ufnz-vfav
22
vulnerability VCID-wsv7-je8g-sqet
23
vulnerability VCID-wszp-2es5-z7fy
24
vulnerability VCID-x34m-u169-1bce
25
vulnerability VCID-y1nb-prqc-suaj
26
vulnerability VCID-yygb-pp11-5udj
27
vulnerability VCID-zqer-y4s4-hqhy
28
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.7
aliases CVE-2017-6924, GHSA-p8g6-5mg7-9r5q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm13-6dhq-nqfb
19
url VCID-myja-t33q-q3cv
vulnerability_id VCID-myja-t33q-q3cv
summary Improper Access Control in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-tpzm-u3qp-akc8
14
vulnerability VCID-wsv7-je8g-sqet
15
vulnerability VCID-wszp-2es5-z7fy
16
vulnerability VCID-x34m-u169-1bce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-52
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myja-t33q-q3cv
20
url VCID-nacy-y1qt-5yhb
vulnerability_id VCID-nacy-y1qt-5yhb
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44935
published_at 2026-06-04T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45004
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
3
reference_url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
4
reference_url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
5
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
reference_id CVE-2020-13668
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
9
reference_url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
reference_id GHSA-m6q5-wv4x-fv6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-9dfs-rpqy-6kfa
5
vulnerability VCID-dav9-pgdh-8yey
6
vulnerability VCID-tpzm-u3qp-akc8
7
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-67da-qxh5-aydx
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-9dfs-rpqy-6kfa
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-tpzm-u3qp-akc8
8
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jy9-mhbb-nuh7
1
vulnerability VCID-67da-qxh5-aydx
2
vulnerability VCID-9dfs-rpqy-6kfa
3
vulnerability VCID-tpzm-u3qp-akc8
4
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nacy-y1qt-5yhb
21
url VCID-nwdx-mgsc-s3f3
vulnerability_id VCID-nwdx-mgsc-s3f3
summary 
Cross Site Request Forgery
Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6379
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40821
published_at 2026-06-05T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.40743
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6379
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6379.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6379.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6379.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6379.yaml
4
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-001
5
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96919
6
reference_url http://www.securitytracker.com/id/1038058
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038058
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6379
reference_id CVE-2017-6379
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6379
fixed_packages
0
url pkg:composer/drupal/core@8.2.7
purl pkg:composer/drupal/core@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-4dpp-gg2v-q3et
5
vulnerability VCID-4pg6-hqge-wkcb
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6c6t-kmb3-2qcm
8
vulnerability VCID-7bq1-m8df-k3ba
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-ah3h-t9qa-gudr
11
vulnerability VCID-avmn-kqky-83dd
12
vulnerability VCID-dav9-pgdh-8yey
13
vulnerability VCID-e12q-qavs-qybu
14
vulnerability VCID-e8un-nbkk-cbf9
15
vulnerability VCID-es39-uyu2-myap
16
vulnerability VCID-jrhg-3271-tqdy
17
vulnerability VCID-ks17-b29e-73au
18
vulnerability VCID-mm13-6dhq-nqfb
19
vulnerability VCID-myja-t33q-q3cv
20
vulnerability VCID-nacy-y1qt-5yhb
21
vulnerability VCID-pgnc-fq4m-3kaz
22
vulnerability VCID-qsuc-53pg-zkda
23
vulnerability VCID-t5ya-jzjf-ckh6
24
vulnerability VCID-tbhc-6qre-7kc5
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-w4ks-ufnz-vfav
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-wszp-2es5-z7fy
29
vulnerability VCID-x34m-u169-1bce
30
vulnerability VCID-y1nb-prqc-suaj
31
vulnerability VCID-y5mz-1wsc-w3g7
32
vulnerability VCID-yygb-pp11-5udj
33
vulnerability VCID-zpeb-7dhc-9kcx
34
vulnerability VCID-zqer-y4s4-hqhy
35
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.7
aliases CVE-2017-6379, GHSA-gxxq-fhc7-3jv9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwdx-mgsc-s3f3
22
url VCID-pgnc-fq4m-3kaz
vulnerability_id VCID-pgnc-fq4m-3kaz
summary 
URL Redirection to Untrusted Site ('Open Redirect')
Anonymous Open Redirect in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-tpzm-u3qp-akc8
14
vulnerability VCID-wsv7-je8g-sqet
15
vulnerability VCID-wszp-2es5-z7fy
16
vulnerability VCID-x34m-u169-1bce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-54
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgnc-fq4m-3kaz
23
url VCID-qsuc-53pg-zkda
vulnerability_id VCID-qsuc-53pg-zkda
summary 
Code Injection
Injection in `DefaultMailSystem::mail()`.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-tpzm-u3qp-akc8
14
vulnerability VCID-wsv7-je8g-sqet
15
vulnerability VCID-wszp-2es5-z7fy
16
vulnerability VCID-x34m-u169-1bce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-55
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsuc-53pg-zkda
24
url VCID-t5ya-jzjf-ckh6
vulnerability_id VCID-t5ya-jzjf-ckh6
summary 
Settings Tray access bypass
In Drupal, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6931
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39331
published_at 2026-06-05T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39242
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6931
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6931
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6931.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6931.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6931.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6931.yaml
5
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
6
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6931
reference_id CVE-2017-6931
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6931
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7v89-2sss-hfaz
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e8un-nbkk-cbf9
11
vulnerability VCID-jrhg-3271-tqdy
12
vulnerability VCID-myja-t33q-q3cv
13
vulnerability VCID-nacy-y1qt-5yhb
14
vulnerability VCID-pgnc-fq4m-3kaz
15
vulnerability VCID-qsuc-53pg-zkda
16
vulnerability VCID-tpzm-u3qp-akc8
17
vulnerability VCID-wsv7-je8g-sqet
18
vulnerability VCID-wszp-2es5-z7fy
19
vulnerability VCID-x34m-u169-1bce
20
vulnerability VCID-y1nb-prqc-suaj
21
vulnerability VCID-yygb-pp11-5udj
22
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6931, GHSA-7ffh-cjvg-fpr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5ya-jzjf-ckh6
25
url VCID-tbhc-6qre-7kc5
vulnerability_id VCID-tbhc-6qre-7kc5
summary 
Comment reply form allows access to restricted content
Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6926
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58843
published_at 2026-06-04T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.5889
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6926
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6926
6
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
7
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7v89-2sss-hfaz
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e8un-nbkk-cbf9
11
vulnerability VCID-jrhg-3271-tqdy
12
vulnerability VCID-myja-t33q-q3cv
13
vulnerability VCID-nacy-y1qt-5yhb
14
vulnerability VCID-pgnc-fq4m-3kaz
15
vulnerability VCID-qsuc-53pg-zkda
16
vulnerability VCID-tpzm-u3qp-akc8
17
vulnerability VCID-wsv7-je8g-sqet
18
vulnerability VCID-wszp-2es5-z7fy
19
vulnerability VCID-x34m-u169-1bce
20
vulnerability VCID-y1nb-prqc-suaj
21
vulnerability VCID-yygb-pp11-5udj
22
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6926, GHSA-2p28-5mvp-2j2r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhc-6qre-7kc5
26
url VCID-tbk2-zprq-27c8
vulnerability_id VCID-tbk2-zprq-27c8
summary 
Remote code execution
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6381
reference_id
reference_type
scores
0
value 0.03314
scoring_system epss
scoring_elements 0.87506
published_at 2026-06-05T12:55:00Z
1
value 0.03314
scoring_system epss
scoring_elements 0.87484
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6381
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6381.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6381.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6381.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6381.yaml
4
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-001
5
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96919
6
reference_url http://www.securitytracker.com/id/1038058
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038058
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
reference_id CVE-2017-6381
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
fixed_packages
0
url pkg:composer/drupal/core@8.2.7
purl pkg:composer/drupal/core@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-4dpp-gg2v-q3et
5
vulnerability VCID-4pg6-hqge-wkcb
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6c6t-kmb3-2qcm
8
vulnerability VCID-7bq1-m8df-k3ba
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-ah3h-t9qa-gudr
11
vulnerability VCID-avmn-kqky-83dd
12
vulnerability VCID-dav9-pgdh-8yey
13
vulnerability VCID-e12q-qavs-qybu
14
vulnerability VCID-e8un-nbkk-cbf9
15
vulnerability VCID-es39-uyu2-myap
16
vulnerability VCID-jrhg-3271-tqdy
17
vulnerability VCID-ks17-b29e-73au
18
vulnerability VCID-mm13-6dhq-nqfb
19
vulnerability VCID-myja-t33q-q3cv
20
vulnerability VCID-nacy-y1qt-5yhb
21
vulnerability VCID-pgnc-fq4m-3kaz
22
vulnerability VCID-qsuc-53pg-zkda
23
vulnerability VCID-t5ya-jzjf-ckh6
24
vulnerability VCID-tbhc-6qre-7kc5
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-w4ks-ufnz-vfav
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-wszp-2es5-z7fy
29
vulnerability VCID-x34m-u169-1bce
30
vulnerability VCID-y1nb-prqc-suaj
31
vulnerability VCID-y5mz-1wsc-w3g7
32
vulnerability VCID-yygb-pp11-5udj
33
vulnerability VCID-zpeb-7dhc-9kcx
34
vulnerability VCID-zqer-y4s4-hqhy
35
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.7
aliases CVE-2017-6381, GHSA-rhx9-3qf7-r3j7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbk2-zprq-27c8
27
url VCID-tpzm-u3qp-akc8
vulnerability_id VCID-tpzm-u3qp-akc8
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.6851
published_at 2026-06-05T12:55:00Z
1
value 0.00555
scoring_system epss
scoring_elements 0.68469
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-002
3
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
reference_id CVE-2020-13672
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
7
reference_url https://github.com/advisories/GHSA-3m36-mjwj-352c
reference_id GHSA-3m36-mjwj-352c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m36-mjwj-352c
fixed_packages
0
url pkg:composer/drupal/core@8.9.14
purl pkg:composer/drupal/core@8.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-7v89-2sss-hfaz
3
vulnerability VCID-dav9-pgdh-8yey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14
1
url pkg:composer/drupal/core@9.0.12
purl pkg:composer/drupal/core@9.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12
2
url pkg:composer/drupal/core@9.1.7
purl pkg:composer/drupal/core@9.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-7v89-2sss-hfaz
3
vulnerability VCID-dav9-pgdh-8yey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7
aliases CVE-2020-13672, GHSA-3m36-mjwj-352c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpzm-u3qp-akc8
28
url VCID-uvmv-j9kx-jfeq
vulnerability_id VCID-uvmv-j9kx-jfeq
summary 
Access Bypass
When adding a private file via the editor in Drupal, the editor will not correctly check access for the file being attached, resulting in an access bypass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6377
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52528
published_at 2026-06-05T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52468
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6377
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6377.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6377.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6377.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6377.yaml
4
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-001
5
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96919
6
reference_url http://www.securitytracker.com/id/1038058
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038058
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6377
reference_id CVE-2017-6377
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6377
fixed_packages
0
url pkg:composer/drupal/core@8.2.7
purl pkg:composer/drupal/core@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-4dpp-gg2v-q3et
5
vulnerability VCID-4pg6-hqge-wkcb
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6c6t-kmb3-2qcm
8
vulnerability VCID-7bq1-m8df-k3ba
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-ah3h-t9qa-gudr
11
vulnerability VCID-avmn-kqky-83dd
12
vulnerability VCID-dav9-pgdh-8yey
13
vulnerability VCID-e12q-qavs-qybu
14
vulnerability VCID-e8un-nbkk-cbf9
15
vulnerability VCID-es39-uyu2-myap
16
vulnerability VCID-jrhg-3271-tqdy
17
vulnerability VCID-ks17-b29e-73au
18
vulnerability VCID-mm13-6dhq-nqfb
19
vulnerability VCID-myja-t33q-q3cv
20
vulnerability VCID-nacy-y1qt-5yhb
21
vulnerability VCID-pgnc-fq4m-3kaz
22
vulnerability VCID-qsuc-53pg-zkda
23
vulnerability VCID-t5ya-jzjf-ckh6
24
vulnerability VCID-tbhc-6qre-7kc5
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-w4ks-ufnz-vfav
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-wszp-2es5-z7fy
29
vulnerability VCID-x34m-u169-1bce
30
vulnerability VCID-y1nb-prqc-suaj
31
vulnerability VCID-y5mz-1wsc-w3g7
32
vulnerability VCID-yygb-pp11-5udj
33
vulnerability VCID-zpeb-7dhc-9kcx
34
vulnerability VCID-zqer-y4s4-hqhy
35
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.7
aliases CVE-2017-6377, GHSA-w7qx-vwr9-2j3r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvmv-j9kx-jfeq
29
url VCID-w4ks-ufnz-vfav
vulnerability_id VCID-w4ks-ufnz-vfav
summary 
Cross-site Scripting
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6929
reference_id
reference_type
scores
0
value 0.00603
scoring_system epss
scoring_elements 0.69993
published_at 2026-06-05T12:55:00Z
1
value 0.00603
scoring_system epss
scoring_elements 0.69953
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6929
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
5
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6929
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6929
10
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4123
11
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
12
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
fixed_packages
0
url pkg:composer/drupal/core@8.4.0
purl pkg:composer/drupal/core@8.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7bq1-m8df-k3ba
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-avmn-kqky-83dd
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-e12q-qavs-qybu
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-es39-uyu2-myap
13
vulnerability VCID-jrhg-3271-tqdy
14
vulnerability VCID-myja-t33q-q3cv
15
vulnerability VCID-nacy-y1qt-5yhb
16
vulnerability VCID-pgnc-fq4m-3kaz
17
vulnerability VCID-pmmq-8s2m-h7dp
18
vulnerability VCID-qsuc-53pg-zkda
19
vulnerability VCID-t5ya-jzjf-ckh6
20
vulnerability VCID-tbhc-6qre-7kc5
21
vulnerability VCID-tpzm-u3qp-akc8
22
vulnerability VCID-w4ks-ufnz-vfav
23
vulnerability VCID-wsv7-je8g-sqet
24
vulnerability VCID-wszp-2es5-z7fy
25
vulnerability VCID-x34m-u169-1bce
26
vulnerability VCID-y1nb-prqc-suaj
27
vulnerability VCID-yygb-pp11-5udj
28
vulnerability VCID-zqer-y4s4-hqhy
29
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.0
1
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7v89-2sss-hfaz
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e8un-nbkk-cbf9
11
vulnerability VCID-jrhg-3271-tqdy
12
vulnerability VCID-myja-t33q-q3cv
13
vulnerability VCID-nacy-y1qt-5yhb
14
vulnerability VCID-pgnc-fq4m-3kaz
15
vulnerability VCID-qsuc-53pg-zkda
16
vulnerability VCID-tpzm-u3qp-akc8
17
vulnerability VCID-wsv7-je8g-sqet
18
vulnerability VCID-wszp-2es5-z7fy
19
vulnerability VCID-x34m-u169-1bce
20
vulnerability VCID-y1nb-prqc-suaj
21
vulnerability VCID-yygb-pp11-5udj
22
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6929, GHSA-5vpr-v24w-mmjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4ks-ufnz-vfav
30
url VCID-wsv7-je8g-sqet
vulnerability_id VCID-wsv7-je8g-sqet
summary 
Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 0.04504
scoring_system epss
scoring_elements 0.89338
published_at 2026-06-05T12:55:00Z
1
value 0.04504
scoring_system epss
scoring_elements 0.8932
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
7
reference_url https://www.drupal.org/sa-core-2020-012
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://www.drupal.org/sa-core-2020-012
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
reference_id CVE-2020-13671
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
12
reference_url https://github.com/advisories/GHSA-68jc-v27h-vhmw
reference_id GHSA-68jc-v27h-vhmw
reference_type
scores
url https://github.com/advisories/GHSA-68jc-v27h-vhmw
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
14
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
15
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.8.11
purl pkg:composer/drupal/core@8.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-9dfs-rpqy-6kfa
5
vulnerability VCID-dav9-pgdh-8yey
6
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.11
1
url pkg:composer/drupal/core@8.9.9
purl pkg:composer/drupal/core@8.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-67da-qxh5-aydx
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-9dfs-rpqy-6kfa
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9
2
url pkg:composer/drupal/core@9.0.8
purl pkg:composer/drupal/core@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jy9-mhbb-nuh7
1
vulnerability VCID-67da-qxh5-aydx
2
vulnerability VCID-9dfs-rpqy-6kfa
3
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8
aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsv7-je8g-sqet
31
url VCID-wszp-2es5-z7fy
vulnerability_id VCID-wszp-2es5-z7fy
summary 
Moderately critical - Third-party libraries - SA-CORE-2019-007
The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
reference_id
reference_type
scores
0
value 0.28615
scoring_system epss
scoring_elements 0.96626
published_at 2026-06-05T12:55:00Z
1
value 0.28615
scoring_system epss
scoring_elements 0.96622
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
5
reference_url https://github.com/TYPO3/phar-stream-wrapper
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper
6
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
7
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
8
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
27
reference_url https://seclists.org/bugtraq/2019/May/36
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/36
28
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-007
29
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-psa-2019-007/
30
reference_url https://www.debian.org/security/2019/dsa-4445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4445
31
reference_url https://www.drupal.org/sa-core-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-007
32
reference_url https://www.drupal.org/SA-CORE-2019-007
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2019-007
33
reference_url https://www.synology.com/security/advisory/Synology_SA_19_22
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_22
34
reference_url http://www.securityfocus.com/bid/108302
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108302
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
reference_id CVE-2019-11831
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
36
reference_url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
reference_id GHSA-xv7v-rf6g-xwrc
reference_type
scores
url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
fixed_packages
0
url pkg:composer/drupal/core@8.6.16
purl pkg:composer/drupal/core@8.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-avmn-kqky-83dd
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-nacy-y1qt-5yhb
8
vulnerability VCID-tpzm-u3qp-akc8
9
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.16
1
url pkg:composer/drupal/core@8.7.1
purl pkg:composer/drupal/core@8.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-avmn-kqky-83dd
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-jed8-4cv5-6bcr
8
vulnerability VCID-nacy-y1qt-5yhb
9
vulnerability VCID-tp81-dw6e-9qah
10
vulnerability VCID-tpzm-u3qp-akc8
11
vulnerability VCID-vjrr-h9sh-3bcu
12
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1
aliases CVE-2019-11831, GHSA-xv7v-rf6g-xwrc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wszp-2es5-z7fy
32
url VCID-x34m-u169-1bce
vulnerability_id VCID-x34m-u169-1bce
summary 
Improper Input Validation
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6339
reference_id
reference_type
scores
0
value 0.76091
scoring_system epss
scoring_elements 0.98939
published_at 2026-06-04T12:55:00Z
1
value 0.76091
scoring_system epss
scoring_elements 0.9894
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6339
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6338
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml
5
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6339
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6339
7
reference_url https://www.debian.org/security/2019/dsa-4370
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4370
8
reference_url https://www.drupal.org/sa-core-2019-002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-002
9
reference_url https://github.com/advisories/GHSA-8cw5-rv98-5c46
reference_id GHSA-8cw5-rv98-5c46
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8cw5-rv98-5c46
fixed_packages
0
url pkg:composer/drupal/core@8.5.9
purl pkg:composer/drupal/core@8.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-tpzm-u3qp-akc8
14
vulnerability VCID-wsv7-je8g-sqet
15
vulnerability VCID-wszp-2es5-z7fy
16
vulnerability VCID-x34m-u169-1bce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.9
1
url pkg:composer/drupal/core@8.6.6
purl pkg:composer/drupal/core@8.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-nacy-y1qt-5yhb
12
vulnerability VCID-tpzm-u3qp-akc8
13
vulnerability VCID-wsv7-je8g-sqet
14
vulnerability VCID-wszp-2es5-z7fy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6
aliases CVE-2019-6339, GHSA-8cw5-rv98-5c46
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x34m-u169-1bce
33
url VCID-y1nb-prqc-suaj
vulnerability_id VCID-y1nb-prqc-suaj
summary 
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9861
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.591
published_at 2026-06-04T12:55:00Z
1
value 0.00369
scoring_system epss
scoring_elements 0.59149
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9861
1
reference_url https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml
4
reference_url https://www.drupal.org/sa-core-2018-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-003
5
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
6
reference_url http://www.securityfocus.com/bid/103924
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103924
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-9861
reference_id CVE-2018-9861
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-9861
8
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
9
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:composer/drupal/core@8.4.7
purl pkg:composer/drupal/core@8.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-avmn-kqky-83dd
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-e12q-qavs-qybu
9
vulnerability VCID-e8un-nbkk-cbf9
10
vulnerability VCID-jrhg-3271-tqdy
11
vulnerability VCID-myja-t33q-q3cv
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-pgnc-fq4m-3kaz
14
vulnerability VCID-qsuc-53pg-zkda
15
vulnerability VCID-tpzm-u3qp-akc8
16
vulnerability VCID-wsv7-je8g-sqet
17
vulnerability VCID-wszp-2es5-z7fy
18
vulnerability VCID-x34m-u169-1bce
19
vulnerability VCID-yygb-pp11-5udj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.7
1
url pkg:composer/drupal/core@8.5.2
purl pkg:composer/drupal/core@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-jrhg-3271-tqdy
13
vulnerability VCID-myja-t33q-q3cv
14
vulnerability VCID-nacy-y1qt-5yhb
15
vulnerability VCID-pgnc-fq4m-3kaz
16
vulnerability VCID-qsuc-53pg-zkda
17
vulnerability VCID-tpzm-u3qp-akc8
18
vulnerability VCID-wsv7-je8g-sqet
19
vulnerability VCID-wszp-2es5-z7fy
20
vulnerability VCID-x34m-u169-1bce
21
vulnerability VCID-yygb-pp11-5udj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2
aliases CVE-2018-9861, GHSA-g78h-pf65-46rv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1nb-prqc-suaj
34
url VCID-y5mz-1wsc-w3g7
vulnerability_id VCID-y5mz-1wsc-w3g7
summary 
Files uploaded by anonymous users accessed by other users
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6922
reference_id
reference_type
scores
0
value 0.01704
scoring_system epss
scoring_elements 0.82674
published_at 2026-06-05T12:55:00Z
1
value 0.01704
scoring_system epss
scoring_elements 0.82647
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6922
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6922
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6922
6
reference_url https://www.debian.org/security/2017/dsa-3897
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-3897
7
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
8
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
9
reference_url http://www.securityfocus.com/bid/99219
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99219
10
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
11
reference_url https://github.com/advisories/GHSA-58f3-cx8p-h8jg
reference_id GHSA-58f3-cx8p-h8jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58f3-cx8p-h8jg
fixed_packages
0
url pkg:composer/drupal/core@8.3.4
purl pkg:composer/drupal/core@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7bq1-m8df-k3ba
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-ah3h-t9qa-gudr
9
vulnerability VCID-avmn-kqky-83dd
10
vulnerability VCID-dav9-pgdh-8yey
11
vulnerability VCID-e12q-qavs-qybu
12
vulnerability VCID-e8un-nbkk-cbf9
13
vulnerability VCID-es39-uyu2-myap
14
vulnerability VCID-jrhg-3271-tqdy
15
vulnerability VCID-myja-t33q-q3cv
16
vulnerability VCID-nacy-y1qt-5yhb
17
vulnerability VCID-pgnc-fq4m-3kaz
18
vulnerability VCID-qsuc-53pg-zkda
19
vulnerability VCID-t5ya-jzjf-ckh6
20
vulnerability VCID-tbhc-6qre-7kc5
21
vulnerability VCID-tpzm-u3qp-akc8
22
vulnerability VCID-w4ks-ufnz-vfav
23
vulnerability VCID-wsv7-je8g-sqet
24
vulnerability VCID-wszp-2es5-z7fy
25
vulnerability VCID-x34m-u169-1bce
26
vulnerability VCID-y1nb-prqc-suaj
27
vulnerability VCID-yygb-pp11-5udj
28
vulnerability VCID-zqer-y4s4-hqhy
29
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.4
aliases CVE-2017-6922, GHSA-58f3-cx8p-h8jg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5mz-1wsc-w3g7
35
url VCID-yygb-pp11-5udj
vulnerability_id VCID-yygb-pp11-5udj
summary 
URL Redirection to Untrusted Site ('Open Redirect')
External URL injection through URL aliases in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-tpzm-u3qp-akc8
14
vulnerability VCID-wsv7-je8g-sqet
15
vulnerability VCID-wszp-2es5-z7fy
16
vulnerability VCID-x34m-u169-1bce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-53
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yygb-pp11-5udj
36
url VCID-zpeb-7dhc-9kcx
vulnerability_id VCID-zpeb-7dhc-9kcx
summary 
PECL YAML parser unsafe object handling
PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6920
reference_id
reference_type
scores
0
value 0.66148
scoring_system epss
scoring_elements 0.9854
published_at 2026-06-05T12:55:00Z
1
value 0.66148
scoring_system epss
scoring_elements 0.98537
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6920
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6920
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6920
5
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
6
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
7
reference_url http://www.securityfocus.com/bid/99211
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99211
8
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
fixed_packages
0
url pkg:composer/drupal/core@8.3.4
purl pkg:composer/drupal/core@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7bq1-m8df-k3ba
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-ah3h-t9qa-gudr
9
vulnerability VCID-avmn-kqky-83dd
10
vulnerability VCID-dav9-pgdh-8yey
11
vulnerability VCID-e12q-qavs-qybu
12
vulnerability VCID-e8un-nbkk-cbf9
13
vulnerability VCID-es39-uyu2-myap
14
vulnerability VCID-jrhg-3271-tqdy
15
vulnerability VCID-myja-t33q-q3cv
16
vulnerability VCID-nacy-y1qt-5yhb
17
vulnerability VCID-pgnc-fq4m-3kaz
18
vulnerability VCID-qsuc-53pg-zkda
19
vulnerability VCID-t5ya-jzjf-ckh6
20
vulnerability VCID-tbhc-6qre-7kc5
21
vulnerability VCID-tpzm-u3qp-akc8
22
vulnerability VCID-w4ks-ufnz-vfav
23
vulnerability VCID-wsv7-je8g-sqet
24
vulnerability VCID-wszp-2es5-z7fy
25
vulnerability VCID-x34m-u169-1bce
26
vulnerability VCID-y1nb-prqc-suaj
27
vulnerability VCID-yygb-pp11-5udj
28
vulnerability VCID-zqer-y4s4-hqhy
29
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.4
aliases CVE-2017-6920, GHSA-9c24-g32g-35rj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpeb-7dhc-9kcx
37
url VCID-zqer-y4s4-hqhy
vulnerability_id VCID-zqer-y4s4-hqhy
summary 
URL Redirection to Untrusted Site (Open Redirect)
Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6932
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59964
published_at 2026-06-05T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.59917
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6932
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932
5
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6932
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6932
10
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4123
11
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
12
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-4dpp-gg2v-q3et
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-6c6t-kmb3-2qcm
6
vulnerability VCID-7v89-2sss-hfaz
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e8un-nbkk-cbf9
11
vulnerability VCID-jrhg-3271-tqdy
12
vulnerability VCID-myja-t33q-q3cv
13
vulnerability VCID-nacy-y1qt-5yhb
14
vulnerability VCID-pgnc-fq4m-3kaz
15
vulnerability VCID-qsuc-53pg-zkda
16
vulnerability VCID-tpzm-u3qp-akc8
17
vulnerability VCID-wsv7-je8g-sqet
18
vulnerability VCID-wszp-2es5-z7fy
19
vulnerability VCID-x34m-u169-1bce
20
vulnerability VCID-y1nb-prqc-suaj
21
vulnerability VCID-yygb-pp11-5udj
22
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6932, GHSA-wm86-w3cf-h6vm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqer-y4s4-hqhy
38
url VCID-zvtm-9bd5-ufgy
vulnerability_id VCID-zvtm-9bd5-ufgy
summary 
XSS Vulnerability
CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.
references
0
reference_url https://www.drupal.org/sa-core-2018-003
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-003
fixed_packages
0
url pkg:composer/drupal/core@8.4.7
purl pkg:composer/drupal/core@8.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-avmn-kqky-83dd
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-e12q-qavs-qybu
9
vulnerability VCID-e8un-nbkk-cbf9
10
vulnerability VCID-jrhg-3271-tqdy
11
vulnerability VCID-myja-t33q-q3cv
12
vulnerability VCID-nacy-y1qt-5yhb
13
vulnerability VCID-pgnc-fq4m-3kaz
14
vulnerability VCID-qsuc-53pg-zkda
15
vulnerability VCID-tpzm-u3qp-akc8
16
vulnerability VCID-wsv7-je8g-sqet
17
vulnerability VCID-wszp-2es5-z7fy
18
vulnerability VCID-x34m-u169-1bce
19
vulnerability VCID-yygb-pp11-5udj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.7
1
url pkg:composer/drupal/core@8.5.2
purl pkg:composer/drupal/core@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-84eq-cq89-9qhm
7
vulnerability VCID-avmn-kqky-83dd
8
vulnerability VCID-dav9-pgdh-8yey
9
vulnerability VCID-e12q-qavs-qybu
10
vulnerability VCID-e69p-v2ws-vufj
11
vulnerability VCID-e8un-nbkk-cbf9
12
vulnerability VCID-jrhg-3271-tqdy
13
vulnerability VCID-myja-t33q-q3cv
14
vulnerability VCID-nacy-y1qt-5yhb
15
vulnerability VCID-pgnc-fq4m-3kaz
16
vulnerability VCID-qsuc-53pg-zkda
17
vulnerability VCID-tpzm-u3qp-akc8
18
vulnerability VCID-wsv7-je8g-sqet
19
vulnerability VCID-wszp-2es5-z7fy
20
vulnerability VCID-x34m-u169-1bce
21
vulnerability VCID-yygb-pp11-5udj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2
aliases SA-CORE-2018-003
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvtm-9bd5-ufgy
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.4