Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@8.6.7
Typecomposer
Namespacedrupal
Namecore
Version8.6.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.9
Latest_non_vulnerable_version11.3.7
Affected_by_vulnerabilities
0
url VCID-2c5f-q858-huaw
vulnerability_id VCID-2c5f-q858-huaw
summary 
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/
url https://www.drupal.org/sa-core-2025-003
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
reference_id CVE-2025-31674
reference_type
scores
0
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31674
4
reference_url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
reference_id GHSA-2qph-q8xw-gv7q
reference_type
scores
url https://github.com/advisories/GHSA-2qph-q8xw-gv7q
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31674, GHSA-2qph-q8xw-gv7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c5f-q858-huaw
1
url VCID-2fas-m6vh-myhc
vulnerability_id VCID-2fas-m6vh-myhc
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41744
published_at 2026-06-04T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.4182
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
3
reference_url https://www.drupal.org/sa-core-2021-010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-010
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
reference_id CVE-2020-13677
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
6
reference_url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
reference_id GHSA-3xr3-phjp-g6p2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13677, GHSA-3xr3-phjp-g6p2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fas-m6vh-myhc
2
url VCID-2t34-82p3-73c3
vulnerability_id VCID-2t34-82p3-73c3
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52072
published_at 2026-06-04T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.52133
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
3
reference_url https://www.drupal.org/sa-core-2021-009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-009
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
reference_id CVE-2020-13676
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
6
reference_url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
reference_id GHSA-qfhg-m6r8-xxpj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13676, GHSA-qfhg-m6r8-xxpj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2t34-82p3-73c3
3
url VCID-31qy-vagp-83b6
vulnerability_id VCID-31qy-vagp-83b6
summary 
Exposure of Resource to Wrong Sphere
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62662
published_at 2026-06-04T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62706
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
3
reference_url https://www.drupal.org/sa-core-2020-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-011
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
reference_id CVE-2020-13670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
7
reference_url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
reference_id GHSA-mmjr-5q74-p3m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13670, GHSA-mmjr-5q74-p3m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31qy-vagp-83b6
4
url VCID-3pj1-y73r-vyhh
vulnerability_id VCID-3pj1-y73r-vyhh
summary 
Drupal core unrestricted file upload
Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.

Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file.

After this fix, file_save_upload() now trims leading and trailing dots from filenames.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-2.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-2.yaml
2
reference_url https://www.drupal.org/sa-core-2019-010
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-010
3
reference_url https://github.com/advisories/GHSA-7gwj-7fhm-vw4w
reference_id GHSA-7gwj-7fhm-vw4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gwj-7fhm-vw4w
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-avmn-kqky-83dd
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-jed8-4cv5-6bcr
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-nacy-y1qt-5yhb
25
vulnerability VCID-p54u-b18k-jyft
26
vulnerability VCID-pzp5-2bpz-jfe2
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tp81-dw6e-9qah
30
vulnerability VCID-tpzm-u3qp-akc8
31
vulnerability VCID-uq9s-79g7-rqh6
32
vulnerability VCID-vjrr-h9sh-3bcu
33
vulnerability VCID-wsv7-je8g-sqet
34
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-6x4v-da7x-uyhh
10
vulnerability VCID-7v89-2sss-hfaz
11
vulnerability VCID-9dfs-rpqy-6kfa
12
vulnerability VCID-9rmk-e8zd-9bcw
13
vulnerability VCID-a3s2-c4k2-4ufn
14
vulnerability VCID-a7ss-tkb6-gkge
15
vulnerability VCID-ard5-3cjv-1beu
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-b266-wste-eqh6
18
vulnerability VCID-b8fw-ya7y-h7d8
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-deks-ns51-nbdg
21
vulnerability VCID-dyhz-g3nv-yuc3
22
vulnerability VCID-egtv-y9w1-skgr
23
vulnerability VCID-hay8-hvsq-33bm
24
vulnerability VCID-hkch-a5yn-jyg1
25
vulnerability VCID-j7bj-atys-qfg3
26
vulnerability VCID-jed8-4cv5-6bcr
27
vulnerability VCID-kzrs-mrga-nyej
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-p54u-b18k-jyft
30
vulnerability VCID-phwu-rdm2-ufhr
31
vulnerability VCID-pzp5-2bpz-jfe2
32
vulnerability VCID-qwge-qrwn-1faj
33
vulnerability VCID-rd4g-h1j9-23cb
34
vulnerability VCID-sg4r-hncm-dqcq
35
vulnerability VCID-t89y-c9hq-9bhk
36
vulnerability VCID-tp81-dw6e-9qah
37
vulnerability VCID-tpzm-u3qp-akc8
38
vulnerability VCID-uq9s-79g7-rqh6
39
vulnerability VCID-vjrr-h9sh-3bcu
40
vulnerability VCID-vz31-7246-aken
41
vulnerability VCID-wsv7-je8g-sqet
42
vulnerability VCID-x783-ggg8-auck
43
vulnerability VCID-xv4d-ped2-4udz
44
vulnerability VCID-yq4q-hydz-vuga
45
vulnerability VCID-zr84-4jzv-2fd3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-7gwj-7fhm-vw4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3pj1-y73r-vyhh
5
url VCID-3xk4-qwaq-5yaj
vulnerability_id VCID-3xk4-qwaq-5yaj
summary 
Improper Access Control
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.6539
published_at 2026-06-04T12:55:00Z
1
value 0.00479
scoring_system epss
scoring_elements 0.65441
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-013
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/
url https://www.drupal.org/sa-core-2022-013
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
reference_id CVE-2022-25278
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
reference_id CVE-2022-25278.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
5
reference_url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
reference_id GHSA-cfh2-7f6h-3m85
reference_type
scores
url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25278, GHSA-cfh2-7f6h-3m85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xk4-qwaq-5yaj
6
url VCID-4p4c-7rdc-37fa
vulnerability_id VCID-4p4c-7rdc-37fa
summary 
Drupal Full Path Disclosure
`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
reference_id
reference_type
scores
0
value 0.86689
scoring_system epss
scoring_elements 0.9944
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45440
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/github/advisory-database/pull/4827
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4827
3
reference_url https://www.drupal.org/project/drupal/issues/3457781
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://www.drupal.org/project/drupal/issues/3457781
4
reference_url https://www.drupal.org/project/drupal/releases/10.2.9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.2.9
5
reference_url https://www.drupal.org/project/drupal/releases/10.3.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/10.3.6
6
reference_url https://www.drupal.org/project/drupal/releases/11.0.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/project/drupal/releases/11.0.5
7
reference_url https://www.exploit-db.com/exploits/52266
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52266
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id CVE-2024-45440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
reference_id CVE-2024-45440
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45440
10
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained/
reference_id CVE-2024-45440-Explained
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/
url https://senscybersecurity.nl/CVE-2024-45440-Explained/
11
reference_url https://senscybersecurity.nl/CVE-2024-45440-Explained
reference_id CVE-2024-45440-EXPLAINED
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://senscybersecurity.nl/CVE-2024-45440-Explained
12
reference_url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
reference_id GHSA-mg8j-w93w-xjgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg8j-w93w-xjgc
fixed_packages
0
url pkg:composer/drupal/core@10.2.9
purl pkg:composer/drupal/core@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-jyz4-ymrp-pka7
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-xv4d-ped2-4udz
13
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9
1
url pkg:composer/drupal/core@10.3.0-beta1
purl pkg:composer/drupal/core@10.3.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1
2
url pkg:composer/drupal/core@10.3.6
purl pkg:composer/drupal/core@10.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-6x4v-da7x-uyhh
2
vulnerability VCID-a3s2-c4k2-4ufn
3
vulnerability VCID-b266-wste-eqh6
4
vulnerability VCID-b8fw-ya7y-h7d8
5
vulnerability VCID-deks-ns51-nbdg
6
vulnerability VCID-hay8-hvsq-33bm
7
vulnerability VCID-j7bj-atys-qfg3
8
vulnerability VCID-kzrs-mrga-nyej
9
vulnerability VCID-p54u-b18k-jyft
10
vulnerability VCID-qwge-qrwn-1faj
11
vulnerability VCID-xv4d-ped2-4udz
12
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6
3
url pkg:composer/drupal/core@11.0.0-alpha1
purl pkg:composer/drupal/core@11.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1
4
url pkg:composer/drupal/core@11.0.5
purl pkg:composer/drupal/core@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b266-wste-eqh6
3
vulnerability VCID-b8fw-ya7y-h7d8
4
vulnerability VCID-deks-ns51-nbdg
5
vulnerability VCID-hay8-hvsq-33bm
6
vulnerability VCID-j7bj-atys-qfg3
7
vulnerability VCID-kzrs-mrga-nyej
8
vulnerability VCID-p54u-b18k-jyft
9
vulnerability VCID-qwge-qrwn-1faj
10
vulnerability VCID-xv4d-ped2-4udz
11
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5
aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4p4c-7rdc-37fa
7
url VCID-4q59-j6u4-qfhk
vulnerability_id VCID-4q59-j6u4-qfhk
summary 
Drupal core Access bypass
The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.

Solution:
If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11.
If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.

Alternatively, you may mitigate this vulnerability by unchecking the "Enable advanced UI" checkbox on `/admin/config/media/media-library`. (This mitigation is not available in 8.7.x.)
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-3.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-3.yaml
2
reference_url https://www.drupal.org/sa-core-2019-011
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-011
3
reference_url https://github.com/advisories/GHSA-mh4h-27gq-cxwj
reference_id GHSA-mh4h-27gq-cxwj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mh4h-27gq-cxwj
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-avmn-kqky-83dd
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-jed8-4cv5-6bcr
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-nacy-y1qt-5yhb
25
vulnerability VCID-p54u-b18k-jyft
26
vulnerability VCID-pzp5-2bpz-jfe2
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tp81-dw6e-9qah
30
vulnerability VCID-tpzm-u3qp-akc8
31
vulnerability VCID-uq9s-79g7-rqh6
32
vulnerability VCID-vjrr-h9sh-3bcu
33
vulnerability VCID-wsv7-je8g-sqet
34
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-6x4v-da7x-uyhh
10
vulnerability VCID-7v89-2sss-hfaz
11
vulnerability VCID-9dfs-rpqy-6kfa
12
vulnerability VCID-9rmk-e8zd-9bcw
13
vulnerability VCID-a3s2-c4k2-4ufn
14
vulnerability VCID-a7ss-tkb6-gkge
15
vulnerability VCID-ard5-3cjv-1beu
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-b266-wste-eqh6
18
vulnerability VCID-b8fw-ya7y-h7d8
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-deks-ns51-nbdg
21
vulnerability VCID-dyhz-g3nv-yuc3
22
vulnerability VCID-egtv-y9w1-skgr
23
vulnerability VCID-hay8-hvsq-33bm
24
vulnerability VCID-hkch-a5yn-jyg1
25
vulnerability VCID-j7bj-atys-qfg3
26
vulnerability VCID-jed8-4cv5-6bcr
27
vulnerability VCID-kzrs-mrga-nyej
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-p54u-b18k-jyft
30
vulnerability VCID-phwu-rdm2-ufhr
31
vulnerability VCID-pzp5-2bpz-jfe2
32
vulnerability VCID-qwge-qrwn-1faj
33
vulnerability VCID-rd4g-h1j9-23cb
34
vulnerability VCID-sg4r-hncm-dqcq
35
vulnerability VCID-t89y-c9hq-9bhk
36
vulnerability VCID-tp81-dw6e-9qah
37
vulnerability VCID-tpzm-u3qp-akc8
38
vulnerability VCID-uq9s-79g7-rqh6
39
vulnerability VCID-vjrr-h9sh-3bcu
40
vulnerability VCID-vz31-7246-aken
41
vulnerability VCID-wsv7-je8g-sqet
42
vulnerability VCID-x783-ggg8-auck
43
vulnerability VCID-xv4d-ped2-4udz
44
vulnerability VCID-yq4q-hydz-vuga
45
vulnerability VCID-zr84-4jzv-2fd3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-mh4h-27gq-cxwj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4q59-j6u4-qfhk
8
url VCID-5jy9-mhbb-nuh7
vulnerability_id VCID-5jy9-mhbb-nuh7
summary 
Deserialization of Untrusted Data
Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
reference_id
reference_type
scores
0
value 0.76873
scoring_system epss
scoring_elements 0.98976
published_at 2026-06-05T12:55:00Z
1
value 0.76873
scoring_system epss
scoring_elements 0.98975
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
6
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/33
7
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
14
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-23
15
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4817
16
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id 1904001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
reference_id CVE-2020-28948
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
20
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
21
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
22
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
23
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
24
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
25
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-67da-qxh5-aydx
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-a3s2-c4k2-4ufn
10
vulnerability VCID-a7ss-tkb6-gkge
11
vulnerability VCID-ard5-3cjv-1beu
12
vulnerability VCID-b266-wste-eqh6
13
vulnerability VCID-b8fw-ya7y-h7d8
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-pzp5-2bpz-jfe2
24
vulnerability VCID-qwge-qrwn-1faj
25
vulnerability VCID-rd4g-h1j9-23cb
26
vulnerability VCID-t89y-c9hq-9bhk
27
vulnerability VCID-tpzm-u3qp-akc8
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
1
url pkg:composer/drupal/core@9.0.0-alpha1
purl pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-b266-wste-eqh6
10
vulnerability VCID-b8fw-ya7y-h7d8
11
vulnerability VCID-bge7-rqsx-gfee
12
vulnerability VCID-deks-ns51-nbdg
13
vulnerability VCID-dyhz-g3nv-yuc3
14
vulnerability VCID-egtv-y9w1-skgr
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
3
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jy9-mhbb-nuh7
9
url VCID-67w7-gq9f-ukf1
vulnerability_id VCID-67w7-gq9f-ukf1
summary 
Drupal core Denial of Service
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-1.yaml
2
reference_url https://www.drupal.org/sa-core-2019-009
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-009
3
reference_url https://github.com/advisories/GHSA-pr99-c33p-fwf6
reference_id GHSA-pr99-c33p-fwf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr99-c33p-fwf6
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-avmn-kqky-83dd
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-jed8-4cv5-6bcr
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-nacy-y1qt-5yhb
25
vulnerability VCID-p54u-b18k-jyft
26
vulnerability VCID-pzp5-2bpz-jfe2
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tp81-dw6e-9qah
30
vulnerability VCID-tpzm-u3qp-akc8
31
vulnerability VCID-uq9s-79g7-rqh6
32
vulnerability VCID-vjrr-h9sh-3bcu
33
vulnerability VCID-wsv7-je8g-sqet
34
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-6x4v-da7x-uyhh
10
vulnerability VCID-7v89-2sss-hfaz
11
vulnerability VCID-9dfs-rpqy-6kfa
12
vulnerability VCID-9rmk-e8zd-9bcw
13
vulnerability VCID-a3s2-c4k2-4ufn
14
vulnerability VCID-a7ss-tkb6-gkge
15
vulnerability VCID-ard5-3cjv-1beu
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-b266-wste-eqh6
18
vulnerability VCID-b8fw-ya7y-h7d8
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-deks-ns51-nbdg
21
vulnerability VCID-dyhz-g3nv-yuc3
22
vulnerability VCID-egtv-y9w1-skgr
23
vulnerability VCID-hay8-hvsq-33bm
24
vulnerability VCID-hkch-a5yn-jyg1
25
vulnerability VCID-j7bj-atys-qfg3
26
vulnerability VCID-jed8-4cv5-6bcr
27
vulnerability VCID-kzrs-mrga-nyej
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-p54u-b18k-jyft
30
vulnerability VCID-phwu-rdm2-ufhr
31
vulnerability VCID-pzp5-2bpz-jfe2
32
vulnerability VCID-qwge-qrwn-1faj
33
vulnerability VCID-rd4g-h1j9-23cb
34
vulnerability VCID-sg4r-hncm-dqcq
35
vulnerability VCID-t89y-c9hq-9bhk
36
vulnerability VCID-tp81-dw6e-9qah
37
vulnerability VCID-tpzm-u3qp-akc8
38
vulnerability VCID-uq9s-79g7-rqh6
39
vulnerability VCID-vjrr-h9sh-3bcu
40
vulnerability VCID-vz31-7246-aken
41
vulnerability VCID-wsv7-je8g-sqet
42
vulnerability VCID-x783-ggg8-auck
43
vulnerability VCID-xv4d-ped2-4udz
44
vulnerability VCID-yq4q-hydz-vuga
45
vulnerability VCID-zr84-4jzv-2fd3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-pr99-c33p-fwf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67w7-gq9f-ukf1
10
url VCID-6c6t-kmb3-2qcm
vulnerability_id VCID-6c6t-kmb3-2qcm
summary 
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.58063
published_at 2026-06-04T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.58114
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
13
reference_url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
14
reference_url https://www.drupal.org/sa-core-2019-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-005
15
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
17
reference_url https://symfony.com/cve-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10909
18
reference_url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
reference_id CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
19
reference_url https://github.com/advisories/GHSA-g996-q5r8-w7g2
reference_id GHSA-g996-q5r8-w7g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g996-q5r8-w7g2
fixed_packages
0
url pkg:composer/drupal/core@8.6.15
purl pkg:composer/drupal/core@8.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3pj1-y73r-vyhh
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4q59-j6u4-qfhk
8
vulnerability VCID-5jy9-mhbb-nuh7
9
vulnerability VCID-67w7-gq9f-ukf1
10
vulnerability VCID-6s93-1cpz-yyg8
11
vulnerability VCID-7v89-2sss-hfaz
12
vulnerability VCID-a3s2-c4k2-4ufn
13
vulnerability VCID-a7ss-tkb6-gkge
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-avmn-kqky-83dd
16
vulnerability VCID-b8fw-ya7y-h7d8
17
vulnerability VCID-ckvk-xm4a-2qey
18
vulnerability VCID-dav9-pgdh-8yey
19
vulnerability VCID-deks-ns51-nbdg
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-egtv-y9w1-skgr
22
vulnerability VCID-hay8-hvsq-33bm
23
vulnerability VCID-hkch-a5yn-jyg1
24
vulnerability VCID-j7bj-atys-qfg3
25
vulnerability VCID-kzrs-mrga-nyej
26
vulnerability VCID-nacy-y1qt-5yhb
27
vulnerability VCID-p54u-b18k-jyft
28
vulnerability VCID-pzp5-2bpz-jfe2
29
vulnerability VCID-rd4g-h1j9-23cb
30
vulnerability VCID-t89y-c9hq-9bhk
31
vulnerability VCID-tpzm-u3qp-akc8
32
vulnerability VCID-uq9s-79g7-rqh6
33
vulnerability VCID-wsv7-je8g-sqet
34
vulnerability VCID-wszp-2es5-z7fy
35
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15
aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6t-kmb3-2qcm
11
url VCID-6s93-1cpz-yyg8
vulnerability_id VCID-6s93-1cpz-yyg8
summary 
Drupal core uses a vulnerable Third-party library CKEditor
The Drupal project uses the third-party library [CKEditor](https://github.com/ckeditor/ckeditor4), which has released a [security improvement](https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed) that is needed to protect some Drupal configurations.

Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access.

The latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-03-18.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-03-18.yaml
2
reference_url https://www.drupal.org/sa-core-2020-001
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-001
3
reference_url https://github.com/advisories/GHSA-v273-j5hq-26xp
reference_id GHSA-v273-j5hq-26xp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v273-j5hq-26xp
fixed_packages
0
url pkg:composer/drupal/core@8.7.12
purl pkg:composer/drupal/core@8.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-a3s2-c4k2-4ufn
10
vulnerability VCID-a7ss-tkb6-gkge
11
vulnerability VCID-ard5-3cjv-1beu
12
vulnerability VCID-avmn-kqky-83dd
13
vulnerability VCID-b8fw-ya7y-h7d8
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-jed8-4cv5-6bcr
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-nacy-y1qt-5yhb
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-vjrr-h9sh-3bcu
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.12
1
url pkg:composer/drupal/core@8.8.4
purl pkg:composer/drupal/core@8.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-9rmk-e8zd-9bcw
12
vulnerability VCID-a3s2-c4k2-4ufn
13
vulnerability VCID-a7ss-tkb6-gkge
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-avmn-kqky-83dd
16
vulnerability VCID-b266-wste-eqh6
17
vulnerability VCID-b8fw-ya7y-h7d8
18
vulnerability VCID-dav9-pgdh-8yey
19
vulnerability VCID-deks-ns51-nbdg
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-egtv-y9w1-skgr
22
vulnerability VCID-hay8-hvsq-33bm
23
vulnerability VCID-hkch-a5yn-jyg1
24
vulnerability VCID-j7bj-atys-qfg3
25
vulnerability VCID-jed8-4cv5-6bcr
26
vulnerability VCID-kzrs-mrga-nyej
27
vulnerability VCID-nacy-y1qt-5yhb
28
vulnerability VCID-p54u-b18k-jyft
29
vulnerability VCID-phwu-rdm2-ufhr
30
vulnerability VCID-pzp5-2bpz-jfe2
31
vulnerability VCID-qwge-qrwn-1faj
32
vulnerability VCID-rd4g-h1j9-23cb
33
vulnerability VCID-sg4r-hncm-dqcq
34
vulnerability VCID-t89y-c9hq-9bhk
35
vulnerability VCID-tpzm-u3qp-akc8
36
vulnerability VCID-uq9s-79g7-rqh6
37
vulnerability VCID-vjrr-h9sh-3bcu
38
vulnerability VCID-vz31-7246-aken
39
vulnerability VCID-wsv7-je8g-sqet
40
vulnerability VCID-x783-ggg8-auck
41
vulnerability VCID-xv4d-ped2-4udz
42
vulnerability VCID-yq4q-hydz-vuga
43
vulnerability VCID-zr84-4jzv-2fd3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.4
aliases GHSA-v273-j5hq-26xp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6s93-1cpz-yyg8
12
url VCID-7v89-2sss-hfaz
vulnerability_id VCID-7v89-2sss-hfaz
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.3383
published_at 2026-06-04T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33934
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
3
reference_url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
4
reference_url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
5
reference_url https://www.drupal.org/sa-core-2021-007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-007
6
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
reference_id CVE-2020-13674
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
8
reference_url https://github.com/advisories/GHSA-j586-cj67-vg4p
reference_id GHSA-j586-cj67-vg4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j586-cj67-vg4p
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13674, GHSA-j586-cj67-vg4p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v89-2sss-hfaz
13
url VCID-84eq-cq89-9qhm
vulnerability_id VCID-84eq-cq89-9qhm
summary 
Modification of Assumed-Immutable Data (MAID)
Prototype pollution attack through jQuery $.extend
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
3
reference_url http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
4
reference_url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
5
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHBA-2019:1570
6
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:1456
7
reference_url https://access.redhat.com/errata/RHSA-2019:2587
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:2587
8
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:3023
9
reference_url https://access.redhat.com/errata/RHSA-2019:3024
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://access.redhat.com/errata/RHSA-2019:3024
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11358
reference_id
reference_type
scores
0
value 0.01532
scoring_system epss
scoring_elements 0.81646
published_at 2026-06-04T12:55:00Z
1
value 0.01532
scoring_system epss
scoring_elements 0.81677
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11358
12
reference_url https://backdropcms.org/security/backdrop-sa-core-2019-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://backdropcms.org/security/backdrop-sa-core-2019-009
13
reference_url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released
14
reference_url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474
25
reference_url http://seclists.org/fulldisclosure/2019/May/10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://seclists.org/fulldisclosure/2019/May/10
26
reference_url http://seclists.org/fulldisclosure/2019/May/11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://seclists.org/fulldisclosure/2019/May/11
27
reference_url http://seclists.org/fulldisclosure/2019/May/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://seclists.org/fulldisclosure/2019/May/13
28
reference_url https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f
29
reference_url https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829
30
reference_url https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad
31
reference_url https://github.com/jquery/jquery
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery
32
reference_url https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
33
reference_url https://github.com/jquery/jquery/pull/4333
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://github.com/jquery/jquery/pull/4333
34
reference_url https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
35
reference_url https://github.com/maximebf/php-debugbar/issues/447
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/maximebf/php-debugbar/issues/447
36
reference_url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434
37
reference_url https://hackerone.com/reports/454365
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements
url https://hackerone.com/reports/454365
38
reference_url https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
39
reference_url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
49
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
50
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
51
reference_url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
52
reference_url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
54
reference_url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
55
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
58
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
59
reference_url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E
60
reference_url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
61
reference_url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E
62
reference_url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
63
reference_url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E
64
reference_url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
65
reference_url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E
66
reference_url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
67
reference_url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E
68
reference_url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
69
reference_url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E
70
reference_url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
71
reference_url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E
72
reference_url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
73
reference_url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E
74
reference_url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
75
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
76
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
77
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
78
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
79
reference_url https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
80
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
81
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
82
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
83
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
84
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
85
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
86
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
87
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
88
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
89
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
90
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
91
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
92
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
93
reference_url https://seclists.org/bugtraq/2019/Apr/32
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://seclists.org/bugtraq/2019/Apr/32
94
reference_url https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://seclists.org/bugtraq/2019/Jun/12
95
reference_url https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://seclists.org/bugtraq/2019/May/18
96
reference_url https://security.netapp.com/advisory/ntap-20190919-0001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190919-0001
97
reference_url https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226
98
reference_url https://snyk.io/vuln/SNYK-JS-JQUERY-174006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://snyk.io/vuln/SNYK-JS-JQUERY-174006
99
reference_url https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
100
reference_url https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023
101
reference_url https://www.debian.org/security/2019/dsa-4434
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.debian.org/security/2019/dsa-4434
102
reference_url https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.debian.org/security/2019/dsa-4460
103
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
104
reference_url https://www.drupal.org/sa-core-2019-006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.drupal.org/sa-core-2019-006
105
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuapr2020.html
106
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
107
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujan2020.html
108
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
109
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
110
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
111
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
112
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuoct2020.html
113
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
114
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
115
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
116
reference_url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery
117
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.synology.com/security/advisory/Synology_SA_19_19
118
reference_url https://www.tenable.com/security/tns-2019-08
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.tenable.com/security/tns-2019-08
119
reference_url https://www.tenable.com/security/tns-2020-02
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.tenable.com/security/tns-2020-02
120
reference_url http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://www.openwall.com/lists/oss-security/2019/06/03/2
121
reference_url http://www.securityfocus.com/bid/108023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url http://www.securityfocus.com/bid/108023
122
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1701972
reference_id 1701972
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1701972
123
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json
reference_id 496
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json
124
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
reference_id 4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
125
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
reference_id 5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
126
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466
reference_id 927466
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466
127
reference_url https://security.archlinux.org/ASA-201906-2
reference_id ASA-201906-2
reference_type
scores
url https://security.archlinux.org/ASA-201906-2
128
reference_url https://security.archlinux.org/AVG-969
reference_id AVG-969
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-969
129
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11358
reference_id CVE-2019-11358
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11358
130
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml
reference_id CVE-2019-11358.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml
131
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt
reference_id CVE-2020-7656;CVE-2019-11358
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52141.txt
132
reference_url https://github.com/advisories/GHSA-6c3j-c64m-qhgq
reference_id GHSA-6c3j-c64m-qhgq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6c3j-c64m-qhgq
133
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
reference_id KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
134
reference_url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
reference_id mitigating-cve-2019-11358-in-old-versions-of-jquery
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
135
reference_url https://security.netapp.com/advisory/ntap-20190919-0001/
reference_id ntap-20190919-0001
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://security.netapp.com/advisory/ntap-20190919-0001/
136
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
reference_id QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
137
reference_url https://access.redhat.com/errata/RHSA-2020:1325
reference_id RHSA-2020:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1325
138
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
139
reference_url https://access.redhat.com/errata/RHSA-2020:3936
reference_id RHSA-2020:3936
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3936
140
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
141
reference_url https://access.redhat.com/errata/RHSA-2020:4670
reference_id RHSA-2020:4670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4670
142
reference_url https://access.redhat.com/errata/RHSA-2020:4847
reference_id RHSA-2020:4847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4847
143
reference_url https://access.redhat.com/errata/RHSA-2020:5581
reference_id RHSA-2020:5581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5581
144
reference_url https://access.redhat.com/errata/RHSA-2021:4142
reference_id RHSA-2021:4142
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4142
145
reference_url https://access.redhat.com/errata/RHSA-2022:7343
reference_id RHSA-2022:7343
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7343
146
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
147
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
148
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
149
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
150
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
reference_id RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
151
reference_url https://usn.ubuntu.com/7622-1/
reference_id USN-7622-1
reference_type
scores
url https://usn.ubuntu.com/7622-1/
152
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
reference_id WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:03:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
fixed_packages
0
url pkg:composer/drupal/core@8.6.15
purl pkg:composer/drupal/core@8.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3pj1-y73r-vyhh
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4q59-j6u4-qfhk
8
vulnerability VCID-5jy9-mhbb-nuh7
9
vulnerability VCID-67w7-gq9f-ukf1
10
vulnerability VCID-6s93-1cpz-yyg8
11
vulnerability VCID-7v89-2sss-hfaz
12
vulnerability VCID-a3s2-c4k2-4ufn
13
vulnerability VCID-a7ss-tkb6-gkge
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-avmn-kqky-83dd
16
vulnerability VCID-b8fw-ya7y-h7d8
17
vulnerability VCID-ckvk-xm4a-2qey
18
vulnerability VCID-dav9-pgdh-8yey
19
vulnerability VCID-deks-ns51-nbdg
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-egtv-y9w1-skgr
22
vulnerability VCID-hay8-hvsq-33bm
23
vulnerability VCID-hkch-a5yn-jyg1
24
vulnerability VCID-j7bj-atys-qfg3
25
vulnerability VCID-kzrs-mrga-nyej
26
vulnerability VCID-nacy-y1qt-5yhb
27
vulnerability VCID-p54u-b18k-jyft
28
vulnerability VCID-pzp5-2bpz-jfe2
29
vulnerability VCID-rd4g-h1j9-23cb
30
vulnerability VCID-t89y-c9hq-9bhk
31
vulnerability VCID-tpzm-u3qp-akc8
32
vulnerability VCID-uq9s-79g7-rqh6
33
vulnerability VCID-wsv7-je8g-sqet
34
vulnerability VCID-wszp-2es5-z7fy
35
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15
aliases CVE-2019-11358, GHSA-6c3j-c64m-qhgq
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84eq-cq89-9qhm
14
url VCID-9nk8-dban-g7h9
vulnerability_id VCID-9nk8-dban-g7h9
summary 
Drupal Core Remote Code Execution Vulnerability
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6340
reference_id
reference_type
scores
0
value 0.9441
scoring_system epss
scoring_elements 0.99979
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6340
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340
3
reference_url https://www.drupal.org/sa-core-2019-003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.drupal.org/sa-core-2019-003
4
reference_url https://www.exploit-db.com/exploits/46452
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46452
5
reference_url https://www.exploit-db.com/exploits/46459
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46459
6
reference_url https://www.exploit-db.com/exploits/46510
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46510
7
reference_url https://www.synology.com/security/advisory/Synology_SA_19_09
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.synology.com/security/advisory/Synology_SA_19_09
8
reference_url http://www.securityfocus.com/bid/107106
reference_id 107106
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url http://www.securityfocus.com/bid/107106
9
reference_url https://www.exploit-db.com/exploits/46452/
reference_id 46452
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.exploit-db.com/exploits/46452/
10
reference_url https://www.exploit-db.com/exploits/46459/
reference_id 46459
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.exploit-db.com/exploits/46459/
11
reference_url https://www.exploit-db.com/exploits/46510/
reference_id 46510
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:47Z/
url https://www.exploit-db.com/exploits/46510/
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb
reference_id CVE-2019-6340
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46510.rb
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt
reference_id CVE-2019-6340
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46452.txt
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py
reference_id CVE-2019-6340
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46459.py
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6340
reference_id CVE-2019-6340
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6340
16
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb
reference_id CVE-2019-6340
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/6ff18828c0273b7170469939a49e4b063d561799/modules/exploits/unix/webapp/drupal_restws_unserialize.rb
17
reference_url https://www.ambionics.io/blog/drupal8-rce
reference_id CVE-2019-6340
reference_type exploit
scores
url https://www.ambionics.io/blog/drupal8-rce
18
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml
reference_id CVE-2019-6340.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml
19
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml
reference_id CVE-2019-6340.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml
20
reference_url https://github.com/advisories/GHSA-3gx6-h57h-rm27
reference_id GHSA-3gx6-h57h-rm27
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gx6-h57h-rm27
fixed_packages
0
url pkg:composer/drupal/core@8.6.10
purl pkg:composer/drupal/core@8.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3pj1-y73r-vyhh
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4q59-j6u4-qfhk
8
vulnerability VCID-5jy9-mhbb-nuh7
9
vulnerability VCID-67w7-gq9f-ukf1
10
vulnerability VCID-6c6t-kmb3-2qcm
11
vulnerability VCID-6s93-1cpz-yyg8
12
vulnerability VCID-7v89-2sss-hfaz
13
vulnerability VCID-84eq-cq89-9qhm
14
vulnerability VCID-a3s2-c4k2-4ufn
15
vulnerability VCID-a7ss-tkb6-gkge
16
vulnerability VCID-ard5-3cjv-1beu
17
vulnerability VCID-avmn-kqky-83dd
18
vulnerability VCID-b8fw-ya7y-h7d8
19
vulnerability VCID-ckvk-xm4a-2qey
20
vulnerability VCID-dav9-pgdh-8yey
21
vulnerability VCID-deks-ns51-nbdg
22
vulnerability VCID-dyhz-g3nv-yuc3
23
vulnerability VCID-e12q-qavs-qybu
24
vulnerability VCID-e69p-v2ws-vufj
25
vulnerability VCID-egtv-y9w1-skgr
26
vulnerability VCID-hay8-hvsq-33bm
27
vulnerability VCID-hkch-a5yn-jyg1
28
vulnerability VCID-j7bj-atys-qfg3
29
vulnerability VCID-kzrs-mrga-nyej
30
vulnerability VCID-nacy-y1qt-5yhb
31
vulnerability VCID-p54u-b18k-jyft
32
vulnerability VCID-pzp5-2bpz-jfe2
33
vulnerability VCID-rd4g-h1j9-23cb
34
vulnerability VCID-t89y-c9hq-9bhk
35
vulnerability VCID-tpzm-u3qp-akc8
36
vulnerability VCID-uq9s-79g7-rqh6
37
vulnerability VCID-wsv7-je8g-sqet
38
vulnerability VCID-wszp-2es5-z7fy
39
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10
aliases CVE-2019-6340, GHSA-3gx6-h57h-rm27
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nk8-dban-g7h9
15
url VCID-a3s2-c4k2-4ufn
vulnerability_id VCID-a3s2-c4k2-4ufn
summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01484
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13083
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-008
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/
url https://www.drupal.org/sa-core-2025-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
reference_id CVE-2025-13083
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13083
4
reference_url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
reference_id GHSA-mhpg-hpj5-73r2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhpg-hpj5-73r2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13083, GHSA-mhpg-hpj5-73r2
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3s2-c4k2-4ufn
16
url VCID-a7ss-tkb6-gkge
vulnerability_id VCID-a7ss-tkb6-gkge
summary 
Improper access control
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
reference_id
reference_type
scores
0
value 0.00579
scoring_system epss
scoring_elements 0.69245
published_at 2026-06-04T12:55:00Z
1
value 0.00579
scoring_system epss
scoring_elements 0.69285
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
3
reference_url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
4
reference_url https://www.drupal.org/sa-core-2022-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/
url https://www.drupal.org/sa-core-2022-012
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
reference_id CVE-2022-25275
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
reference_id CVE-2022-25275.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
7
reference_url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
reference_id GHSA-xh3v-6f9j-wxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ss-tkb6-gkge
17
url VCID-ard5-3cjv-1beu
vulnerability_id VCID-ard5-3cjv-1beu
summary 
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
reference_id
reference_type
scores
0
value 0.00931
scoring_system epss
scoring_elements 0.76518
published_at 2026-06-05T12:55:00Z
1
value 0.00931
scoring_system epss
scoring_elements 0.76489
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
3
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
4
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
5
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
6
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://www.drupal.org/sa-core-2022-006
7
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id 1008236
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
10
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
11
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
12
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
fixed_packages
0
url pkg:composer/drupal/core@9.2.16
purl pkg:composer/drupal/core@9.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16
1
url pkg:composer/drupal/core@9.3.0-alpha1
purl pkg:composer/drupal/core@9.3.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-b266-wste-eqh6
8
vulnerability VCID-b8fw-ya7y-h7d8
9
vulnerability VCID-bge7-rqsx-gfee
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-hay8-hvsq-33bm
13
vulnerability VCID-hkch-a5yn-jyg1
14
vulnerability VCID-j7bj-atys-qfg3
15
vulnerability VCID-kzrs-mrga-nyej
16
vulnerability VCID-p54u-b18k-jyft
17
vulnerability VCID-qwge-qrwn-1faj
18
vulnerability VCID-rd4g-h1j9-23cb
19
vulnerability VCID-t89y-c9hq-9bhk
20
vulnerability VCID-xv4d-ped2-4udz
21
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1
2
url pkg:composer/drupal/core@9.3.9
purl pkg:composer/drupal/core@9.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-g1ew-tnk9-cuh7
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-xv4d-ped2-4udz
24
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9
3
url pkg:composer/drupal/core@10.0.0-alpha1
purl pkg:composer/drupal/core@10.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-kzrs-mrga-nyej
10
vulnerability VCID-p54u-b18k-jyft
11
vulnerability VCID-qwge-qrwn-1faj
12
vulnerability VCID-t89y-c9hq-9bhk
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ard5-3cjv-1beu
18
url VCID-avmn-kqky-83dd
vulnerability_id VCID-avmn-kqky-83dd
summary 
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42349
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42424
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-010
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
reference_id CVE-2020-13669
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
6
reference_url https://github.com/advisories/GHSA-c533-c843-67h8
reference_id GHSA-c533-c843-67h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c533-c843-67h8
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13669, GHSA-c533-c843-67h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avmn-kqky-83dd
19
url VCID-b8fw-ya7y-h7d8
vulnerability_id VCID-b8fw-ya7y-h7d8
summary 
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61443
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3057
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/
url https://www.drupal.org/sa-core-2025-001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
reference_id CVE-2025-3057
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3057
4
reference_url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
reference_id GHSA-39g6-x4x8-5jcm
reference_type
scores
url https://github.com/advisories/GHSA-39g6-x4x8-5jcm
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-3057, GHSA-39g6-x4x8-5jcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8fw-ya7y-h7d8
20
url VCID-ckvk-xm4a-2qey
vulnerability_id VCID-ckvk-xm4a-2qey
summary 
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library [Archive_Tar](https://pear.php.net/package/Archive_Tar/), which has released a security improvement that is needed to protect some Drupal configurations.

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.

The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-4.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2019-12-18-4.yaml
2
reference_url https://www.drupal.org/sa-core-2019-012
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-012
3
reference_url https://github.com/advisories/GHSA-98h9-727m-44qv
reference_id GHSA-98h9-727m-44qv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98h9-727m-44qv
fixed_packages
0
url pkg:composer/drupal/core@8.7.11
purl pkg:composer/drupal/core@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-avmn-kqky-83dd
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-jed8-4cv5-6bcr
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-nacy-y1qt-5yhb
25
vulnerability VCID-p54u-b18k-jyft
26
vulnerability VCID-pzp5-2bpz-jfe2
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tp81-dw6e-9qah
30
vulnerability VCID-tpzm-u3qp-akc8
31
vulnerability VCID-uq9s-79g7-rqh6
32
vulnerability VCID-vjrr-h9sh-3bcu
33
vulnerability VCID-wsv7-je8g-sqet
34
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.11
1
url pkg:composer/drupal/core@8.8.1
purl pkg:composer/drupal/core@8.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5jy9-mhbb-nuh7
8
vulnerability VCID-6s93-1cpz-yyg8
9
vulnerability VCID-6x4v-da7x-uyhh
10
vulnerability VCID-7v89-2sss-hfaz
11
vulnerability VCID-9dfs-rpqy-6kfa
12
vulnerability VCID-9rmk-e8zd-9bcw
13
vulnerability VCID-a3s2-c4k2-4ufn
14
vulnerability VCID-a7ss-tkb6-gkge
15
vulnerability VCID-ard5-3cjv-1beu
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-b266-wste-eqh6
18
vulnerability VCID-b8fw-ya7y-h7d8
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-deks-ns51-nbdg
21
vulnerability VCID-dyhz-g3nv-yuc3
22
vulnerability VCID-egtv-y9w1-skgr
23
vulnerability VCID-hay8-hvsq-33bm
24
vulnerability VCID-hkch-a5yn-jyg1
25
vulnerability VCID-j7bj-atys-qfg3
26
vulnerability VCID-jed8-4cv5-6bcr
27
vulnerability VCID-kzrs-mrga-nyej
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-p54u-b18k-jyft
30
vulnerability VCID-phwu-rdm2-ufhr
31
vulnerability VCID-pzp5-2bpz-jfe2
32
vulnerability VCID-qwge-qrwn-1faj
33
vulnerability VCID-rd4g-h1j9-23cb
34
vulnerability VCID-sg4r-hncm-dqcq
35
vulnerability VCID-t89y-c9hq-9bhk
36
vulnerability VCID-tp81-dw6e-9qah
37
vulnerability VCID-tpzm-u3qp-akc8
38
vulnerability VCID-uq9s-79g7-rqh6
39
vulnerability VCID-vjrr-h9sh-3bcu
40
vulnerability VCID-vz31-7246-aken
41
vulnerability VCID-wsv7-je8g-sqet
42
vulnerability VCID-x783-ggg8-auck
43
vulnerability VCID-xv4d-ped2-4udz
44
vulnerability VCID-yq4q-hydz-vuga
45
vulnerability VCID-zr84-4jzv-2fd3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.1
aliases GHSA-98h9-727m-44qv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckvk-xm4a-2qey
21
url VCID-dav9-pgdh-8yey
vulnerability_id VCID-dav9-pgdh-8yey
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
reference_id
reference_type
scores
0
value 0.00797
scoring_system epss
scoring_elements 0.74383
published_at 2026-06-05T12:55:00Z
1
value 0.00797
scoring_system epss
scoring_elements 0.7435
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-008
3
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
reference_id CVE-2020-13675
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
5
reference_url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
reference_id GHSA-v8wr-r69p-mmwx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-deks-ns51-nbdg
11
vulnerability VCID-dyhz-g3nv-yuc3
12
vulnerability VCID-egtv-y9w1-skgr
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2g67-a42m-qfbh
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-4p4c-7rdc-37fa
4
vulnerability VCID-54qh-fz2a-cyh6
5
vulnerability VCID-5nbj-5x5a-93hz
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-a3s2-c4k2-4ufn
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ard5-3cjv-1beu
10
vulnerability VCID-b266-wste-eqh6
11
vulnerability VCID-b8fw-ya7y-h7d8
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-deks-ns51-nbdg
14
vulnerability VCID-dyhz-g3nv-yuc3
15
vulnerability VCID-egtv-y9w1-skgr
16
vulnerability VCID-hay8-hvsq-33bm
17
vulnerability VCID-hkch-a5yn-jyg1
18
vulnerability VCID-j7bj-atys-qfg3
19
vulnerability VCID-kzrs-mrga-nyej
20
vulnerability VCID-p54u-b18k-jyft
21
vulnerability VCID-qwge-qrwn-1faj
22
vulnerability VCID-rd4g-h1j9-23cb
23
vulnerability VCID-t89y-c9hq-9bhk
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-ydy1-x277-1fhj
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13675, GHSA-v8wr-r69p-mmwx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dav9-pgdh-8yey
22
url VCID-deks-ns51-nbdg
vulnerability_id VCID-deks-ns51-nbdg
summary 
Drupal Core Vulnerable to Forceful Browsing
Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.3855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31673
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-002
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/
url https://www.drupal.org/sa-core-2025-002
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
reference_id CVE-2025-31673
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31673
4
reference_url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
reference_id GHSA-wpp8-fjgf-pwc7
reference_type
scores
url https://github.com/advisories/GHSA-wpp8-fjgf-pwc7
fixed_packages
0
url pkg:composer/drupal/core@10.3.13
purl pkg:composer/drupal/core@10.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13
1
url pkg:composer/drupal/core@10.4.3
purl pkg:composer/drupal/core@10.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3
2
url pkg:composer/drupal/core@11.0.12
purl pkg:composer/drupal/core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12
3
url pkg:composer/drupal/core@11.1.3
purl pkg:composer/drupal/core@11.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-hay8-hvsq-33bm
2
vulnerability VCID-kzrs-mrga-nyej
3
vulnerability VCID-p54u-b18k-jyft
4
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3
aliases CVE-2025-31673, GHSA-wpp8-fjgf-pwc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-deks-ns51-nbdg
23
url VCID-dyhz-g3nv-yuc3
vulnerability_id VCID-dyhz-g3nv-yuc3
summary 
Lack of domain validation in Druple core
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
reference_id
reference_type
scores
0
value 0.01831
scoring_system epss
scoring_elements 0.83257
published_at 2026-06-04T12:55:00Z
1
value 0.01831
scoring_system epss
scoring_elements 0.83283
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2022-015
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
reference_id CVE-2022-25276
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
4
reference_url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
reference_id GHSA-4wfq-jc9h-vpcx
reference_type
scores
url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25276, GHSA-4wfq-jc9h-vpcx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhz-g3nv-yuc3
24
url VCID-e12q-qavs-qybu
vulnerability_id VCID-e12q-qavs-qybu
summary Cross-site Scripting vulnerability in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2019-004
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2019-004
fixed_packages
0
url pkg:composer/drupal/core@8.6.12
purl pkg:composer/drupal/core@8.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3pj1-y73r-vyhh
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4q59-j6u4-qfhk
8
vulnerability VCID-5jy9-mhbb-nuh7
9
vulnerability VCID-67w7-gq9f-ukf1
10
vulnerability VCID-6c6t-kmb3-2qcm
11
vulnerability VCID-6s93-1cpz-yyg8
12
vulnerability VCID-7v89-2sss-hfaz
13
vulnerability VCID-84eq-cq89-9qhm
14
vulnerability VCID-a3s2-c4k2-4ufn
15
vulnerability VCID-a7ss-tkb6-gkge
16
vulnerability VCID-ard5-3cjv-1beu
17
vulnerability VCID-avmn-kqky-83dd
18
vulnerability VCID-b8fw-ya7y-h7d8
19
vulnerability VCID-ckvk-xm4a-2qey
20
vulnerability VCID-dav9-pgdh-8yey
21
vulnerability VCID-deks-ns51-nbdg
22
vulnerability VCID-dyhz-g3nv-yuc3
23
vulnerability VCID-e69p-v2ws-vufj
24
vulnerability VCID-egtv-y9w1-skgr
25
vulnerability VCID-hay8-hvsq-33bm
26
vulnerability VCID-hkch-a5yn-jyg1
27
vulnerability VCID-j7bj-atys-qfg3
28
vulnerability VCID-kzrs-mrga-nyej
29
vulnerability VCID-nacy-y1qt-5yhb
30
vulnerability VCID-p54u-b18k-jyft
31
vulnerability VCID-pzp5-2bpz-jfe2
32
vulnerability VCID-rd4g-h1j9-23cb
33
vulnerability VCID-t89y-c9hq-9bhk
34
vulnerability VCID-tpzm-u3qp-akc8
35
vulnerability VCID-uq9s-79g7-rqh6
36
vulnerability VCID-wsv7-je8g-sqet
37
vulnerability VCID-wszp-2es5-z7fy
38
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.12
aliases GMS-2019-147
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12q-qavs-qybu
25
url VCID-e69p-v2ws-vufj
vulnerability_id VCID-e69p-v2ws-vufj
summary 
Cross-site Scripting
Under certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6341
reference_id
reference_type
scores
0
value 0.47079
scoring_system epss
scoring_elements 0.97742
published_at 2026-06-05T12:55:00Z
1
value 0.47079
scoring_system epss
scoring_elements 0.97739
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6341
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6341.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6341.yaml
5
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS
14
reference_url https://www.drupal.org/sa-core-2019-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-004
15
reference_url https://www.drupal.org/SA-CORE-2019-004
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2019-004
16
reference_url https://www.synology.com/security/advisory/Synology_SA_19_13
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_13
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6341
reference_id CVE-2019-6341
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6341
fixed_packages
0
url pkg:composer/drupal/core@8.6.13
purl pkg:composer/drupal/core@8.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3pj1-y73r-vyhh
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4q59-j6u4-qfhk
8
vulnerability VCID-5jy9-mhbb-nuh7
9
vulnerability VCID-67w7-gq9f-ukf1
10
vulnerability VCID-6c6t-kmb3-2qcm
11
vulnerability VCID-6s93-1cpz-yyg8
12
vulnerability VCID-7v89-2sss-hfaz
13
vulnerability VCID-84eq-cq89-9qhm
14
vulnerability VCID-a3s2-c4k2-4ufn
15
vulnerability VCID-a7ss-tkb6-gkge
16
vulnerability VCID-ard5-3cjv-1beu
17
vulnerability VCID-avmn-kqky-83dd
18
vulnerability VCID-b8fw-ya7y-h7d8
19
vulnerability VCID-ckvk-xm4a-2qey
20
vulnerability VCID-dav9-pgdh-8yey
21
vulnerability VCID-deks-ns51-nbdg
22
vulnerability VCID-dyhz-g3nv-yuc3
23
vulnerability VCID-egtv-y9w1-skgr
24
vulnerability VCID-hay8-hvsq-33bm
25
vulnerability VCID-hkch-a5yn-jyg1
26
vulnerability VCID-j7bj-atys-qfg3
27
vulnerability VCID-kzrs-mrga-nyej
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-p54u-b18k-jyft
30
vulnerability VCID-pzp5-2bpz-jfe2
31
vulnerability VCID-rd4g-h1j9-23cb
32
vulnerability VCID-t89y-c9hq-9bhk
33
vulnerability VCID-tpzm-u3qp-akc8
34
vulnerability VCID-uq9s-79g7-rqh6
35
vulnerability VCID-wsv7-je8g-sqet
36
vulnerability VCID-wszp-2es5-z7fy
37
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.13
aliases CVE-2019-6341, GHSA-cmmh-8mwp-gq5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e69p-v2ws-vufj
26
url VCID-egtv-y9w1-skgr
vulnerability_id VCID-egtv-y9w1-skgr
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
reference_id
reference_type
scores
0
value 0.0047
scoring_system epss
scoring_elements 0.64955
published_at 2026-06-05T12:55:00Z
1
value 0.0047
scoring_system epss
scoring_elements 0.64912
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/
url https://www.drupal.org/sa-core-2022-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
4
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/core@9.2.18
purl pkg:composer/drupal/core@9.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.18
1
url pkg:composer/drupal/core@9.3.12
purl pkg:composer/drupal/core@9.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5nbj-5x5a-93hz
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-hay8-hvsq-33bm
14
vulnerability VCID-hkch-a5yn-jyg1
15
vulnerability VCID-j7bj-atys-qfg3
16
vulnerability VCID-kzrs-mrga-nyej
17
vulnerability VCID-p54u-b18k-jyft
18
vulnerability VCID-qwge-qrwn-1faj
19
vulnerability VCID-rd4g-h1j9-23cb
20
vulnerability VCID-t89y-c9hq-9bhk
21
vulnerability VCID-xv4d-ped2-4udz
22
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egtv-y9w1-skgr
27
url VCID-hay8-hvsq-33bm
vulnerability_id VCID-hay8-hvsq-33bm
summary 
Drupal Core Cross-Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25223
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31675
1
reference_url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://www.drupal.org/sa-core-2025-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.drupal.org/sa-core-2025-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31675
5
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
reference_id CVE-2025-31675
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-31675
6
reference_url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
reference_id GHSA-m4wj-hhwj-47qp
reference_type
scores
url https://github.com/advisories/GHSA-m4wj-hhwj-47qp
fixed_packages
0
url pkg:composer/drupal/core@10.3.14
purl pkg:composer/drupal/core@10.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14
1
url pkg:composer/drupal/core@10.4.5
purl pkg:composer/drupal/core@10.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5
2
url pkg:composer/drupal/core@11.0.13
purl pkg:composer/drupal/core@11.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13
3
url pkg:composer/drupal/core@11.1.5
purl pkg:composer/drupal/core@11.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3s2-c4k2-4ufn
1
vulnerability VCID-kzrs-mrga-nyej
2
vulnerability VCID-p54u-b18k-jyft
3
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5
aliases CVE-2025-31675, GHSA-m4wj-hhwj-47qp
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hay8-hvsq-33bm
28
url VCID-hkch-a5yn-jyg1
vulnerability_id VCID-hkch-a5yn-jyg1
summary Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
reference_id
reference_type
scores
0
value 0.09505
scoring_system epss
scoring_elements 0.92989
published_at 2026-06-04T12:55:00Z
1
value 0.09505
scoring_system epss
scoring_elements 0.93
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
3
reference_url https://github.com/twigphp/Twig
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twigphp/Twig
4
reference_url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
5
reference_url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
6
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
20
reference_url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
21
reference_url https://www.debian.org/security/2022/dsa-5248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.debian.org/security/2022/dsa-5248
22
reference_url https://www.drupal.org/sa-core-2022-016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.drupal.org/sa-core-2022-016
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
reference_id 1020991
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id 2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
26
reference_url https://github.com/advisories/GHSA-52m2-vc4m-jj33
reference_id GHSA-52m2-vc4m-jj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52m2-vc4m-jj33
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
29
reference_url https://usn.ubuntu.com/5947-1/
reference_id USN-5947-1
reference_type
scores
url https://usn.ubuntu.com/5947-1/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
fixed_packages
0
url pkg:composer/drupal/core@9.3.22
purl pkg:composer/drupal/core@9.3.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.22
1
url pkg:composer/drupal/core@9.4.0-alpha1
purl pkg:composer/drupal/core@9.4.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1
2
url pkg:composer/drupal/core@9.4.7
purl pkg:composer/drupal/core@9.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-j7bj-atys-qfg3
11
vulnerability VCID-kzrs-mrga-nyej
12
vulnerability VCID-p54u-b18k-jyft
13
vulnerability VCID-qwge-qrwn-1faj
14
vulnerability VCID-t89y-c9hq-9bhk
15
vulnerability VCID-xv4d-ped2-4udz
16
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.7
3
url pkg:composer/drupal/core@9.5.0-beta1
purl pkg:composer/drupal/core@9.5.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-deks-ns51-nbdg
8
vulnerability VCID-hay8-hvsq-33bm
9
vulnerability VCID-j7bj-atys-qfg3
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-t89y-c9hq-9bhk
14
vulnerability VCID-xv4d-ped2-4udz
15
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1
aliases CVE-2022-39261, GHSA-52m2-vc4m-jj33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkch-a5yn-jyg1
29
url VCID-j7bj-atys-qfg3
vulnerability_id VCID-j7bj-atys-qfg3
summary 
Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
reference_id
reference_type
scores
0
value 0.01148
scoring_system epss
scoring_elements 0.7884
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55634
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934
3
reference_url https://www.drupal.org/sa-core-2024-004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/
url https://www.drupal.org/sa-core-2024-004
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
reference_id CVE-2024-55634
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55634
5
reference_url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
reference_id GHSA-7cwc-fjqm-8vh8
reference_type
scores
url https://github.com/advisories/GHSA-7cwc-fjqm-8vh8
fixed_packages
0
url pkg:composer/drupal/core@10.2.11
purl pkg:composer/drupal/core@10.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11
1
url pkg:composer/drupal/core@10.3.9
purl pkg:composer/drupal/core@10.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9
2
url pkg:composer/drupal/core@11.0.8
purl pkg:composer/drupal/core@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-a3s2-c4k2-4ufn
2
vulnerability VCID-b8fw-ya7y-h7d8
3
vulnerability VCID-deks-ns51-nbdg
4
vulnerability VCID-hay8-hvsq-33bm
5
vulnerability VCID-kzrs-mrga-nyej
6
vulnerability VCID-p54u-b18k-jyft
7
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8
aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7bj-atys-qfg3
30
url VCID-kzrs-mrga-nyej
vulnerability_id VCID-kzrs-mrga-nyej
summary User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13922
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13082
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-007
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/
url https://www.drupal.org/sa-core-2025-007
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
reference_id CVE-2025-13082
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13082
4
reference_url https://github.com/advisories/GHSA-h89p-5896-f4q8
reference_id GHSA-h89p-5896-f4q8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h89p-5896-f4q8
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13082, GHSA-h89p-5896-f4q8
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzrs-mrga-nyej
31
url VCID-nacy-y1qt-5yhb
vulnerability_id VCID-nacy-y1qt-5yhb
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44935
published_at 2026-06-04T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45004
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
3
reference_url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
4
reference_url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
5
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
reference_id CVE-2020-13668
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
9
reference_url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
reference_id GHSA-m6q5-wv4x-fv6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
fixed_packages
0
url pkg:composer/drupal/core@8.8.10
purl pkg:composer/drupal/core@8.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-wsv7-je8g-sqet
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10
1
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-xv4d-ped2-4udz
33
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
2
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-wsv7-je8g-sqet
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nacy-y1qt-5yhb
32
url VCID-p54u-b18k-jyft
vulnerability_id VCID-p54u-b18k-jyft
summary Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.26138
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13080
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/
url https://www.drupal.org/sa-core-2025-005
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
reference_id CVE-2025-13080
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13080
4
reference_url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
reference_id GHSA-83v7-c2cf-p9c2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83v7-c2cf-p9c2
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13080, GHSA-83v7-c2cf-p9c2
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p54u-b18k-jyft
33
url VCID-pzp5-2bpz-jfe2
vulnerability_id VCID-pzp5-2bpz-jfe2
summary 
Drupal core Cross-Site Scripting (XSS) vulnerabilities
The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.

Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml
2
reference_url https://www.drupal.org/sa-core-2021-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-005
3
reference_url https://github.com/advisories/GHSA-vfgc-c76h-mwh4
reference_id GHSA-vfgc-c76h-mwh4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfgc-c76h-mwh4
fixed_packages
0
url pkg:composer/drupal/core@8.9.18
purl pkg:composer/drupal/core@8.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-dav9-pgdh-8yey
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-xv4d-ped2-4udz
26
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.18
1
url pkg:composer/drupal/core@9.1.12
purl pkg:composer/drupal/core@9.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-qwge-qrwn-1faj
24
vulnerability VCID-rd4g-h1j9-23cb
25
vulnerability VCID-t89y-c9hq-9bhk
26
vulnerability VCID-xv4d-ped2-4udz
27
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.12
2
url pkg:composer/drupal/core@9.2.4
purl pkg:composer/drupal/core@9.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2g67-a42m-qfbh
3
vulnerability VCID-2t34-82p3-73c3
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4p4c-7rdc-37fa
6
vulnerability VCID-54qh-fz2a-cyh6
7
vulnerability VCID-5nbj-5x5a-93hz
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-bge7-rqsx-gfee
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-ydy1-x277-1fhj
30
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.4
aliases GHSA-vfgc-c76h-mwh4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pzp5-2bpz-jfe2
34
url VCID-rd4g-h1j9-23cb
vulnerability_id VCID-rd4g-h1j9-23cb
summary 
Unrestricted Upload of File with Dangerous Type
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously does not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
reference_id
reference_type
scores
0
value 0.02448
scoring_system epss
scoring_elements 0.85496
published_at 2026-06-05T12:55:00Z
1
value 0.02448
scoring_system epss
scoring_elements 0.85472
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
3
reference_url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
4
reference_url https://www.drupal.org/sa-core-2022-014
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/
url https://www.drupal.org/sa-core-2022-014
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
reference_id CVE-2022-25277
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
reference_id CVE-2022-25277.YAML
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
7
reference_url https://github.com/advisories/GHSA-6955-67hm-vjjq
reference_id GHSA-6955-67hm-vjjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6955-67hm-vjjq
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-54qh-fz2a-cyh6
3
vulnerability VCID-6x4v-da7x-uyhh
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-b266-wste-eqh6
6
vulnerability VCID-b8fw-ya7y-h7d8
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-deks-ns51-nbdg
9
vulnerability VCID-hay8-hvsq-33bm
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-j7bj-atys-qfg3
12
vulnerability VCID-kzrs-mrga-nyej
13
vulnerability VCID-p54u-b18k-jyft
14
vulnerability VCID-qwge-qrwn-1faj
15
vulnerability VCID-t89y-c9hq-9bhk
16
vulnerability VCID-xv4d-ped2-4udz
17
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4g-h1j9-23cb
35
url VCID-t89y-c9hq-9bhk
vulnerability_id VCID-t89y-c9hq-9bhk
summary 
Drupal core Denial of Service vulnerability
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff
2
reference_url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml
4
reference_url https://www.drupal.org/sa-core-2024-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2024-001
5
reference_url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
reference_id GHSA-6ccv-8fgf-cjpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6ccv-8fgf-cjpw
fixed_packages
0
url pkg:composer/drupal/core@10.1.8
purl pkg:composer/drupal/core@10.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8
1
url pkg:composer/drupal/core@10.2.2
purl pkg:composer/drupal/core@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-4p4c-7rdc-37fa
2
vulnerability VCID-6x4v-da7x-uyhh
3
vulnerability VCID-a3s2-c4k2-4ufn
4
vulnerability VCID-b266-wste-eqh6
5
vulnerability VCID-b8fw-ya7y-h7d8
6
vulnerability VCID-deks-ns51-nbdg
7
vulnerability VCID-hay8-hvsq-33bm
8
vulnerability VCID-j7bj-atys-qfg3
9
vulnerability VCID-jyz4-ymrp-pka7
10
vulnerability VCID-kzrs-mrga-nyej
11
vulnerability VCID-p54u-b18k-jyft
12
vulnerability VCID-qwge-qrwn-1faj
13
vulnerability VCID-xv4d-ped2-4udz
14
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2
aliases GHSA-6ccv-8fgf-cjpw, GMS-2024-214
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t89y-c9hq-9bhk
36
url VCID-tpzm-u3qp-akc8
vulnerability_id VCID-tpzm-u3qp-akc8
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.6851
published_at 2026-06-05T12:55:00Z
1
value 0.00555
scoring_system epss
scoring_elements 0.68469
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-002
3
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
reference_id CVE-2020-13672
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
7
reference_url https://github.com/advisories/GHSA-3m36-mjwj-352c
reference_id GHSA-3m36-mjwj-352c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m36-mjwj-352c
fixed_packages
0
url pkg:composer/drupal/core@8.9.14
purl pkg:composer/drupal/core@8.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-dav9-pgdh-8yey
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-pzp5-2bpz-jfe2
23
vulnerability VCID-qwge-qrwn-1faj
24
vulnerability VCID-rd4g-h1j9-23cb
25
vulnerability VCID-t89y-c9hq-9bhk
26
vulnerability VCID-xv4d-ped2-4udz
27
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14
1
url pkg:composer/drupal/core@9.0.12
purl pkg:composer/drupal/core@9.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-6x4v-da7x-uyhh
5
vulnerability VCID-a3s2-c4k2-4ufn
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-ard5-3cjv-1beu
8
vulnerability VCID-b266-wste-eqh6
9
vulnerability VCID-b8fw-ya7y-h7d8
10
vulnerability VCID-bge7-rqsx-gfee
11
vulnerability VCID-deks-ns51-nbdg
12
vulnerability VCID-dyhz-g3nv-yuc3
13
vulnerability VCID-egtv-y9w1-skgr
14
vulnerability VCID-hay8-hvsq-33bm
15
vulnerability VCID-hkch-a5yn-jyg1
16
vulnerability VCID-j7bj-atys-qfg3
17
vulnerability VCID-kzrs-mrga-nyej
18
vulnerability VCID-p54u-b18k-jyft
19
vulnerability VCID-qwge-qrwn-1faj
20
vulnerability VCID-rd4g-h1j9-23cb
21
vulnerability VCID-t89y-c9hq-9bhk
22
vulnerability VCID-xv4d-ped2-4udz
23
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12
2
url pkg:composer/drupal/core@9.1.7
purl pkg:composer/drupal/core@9.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-pzp5-2bpz-jfe2
24
vulnerability VCID-qwge-qrwn-1faj
25
vulnerability VCID-rd4g-h1j9-23cb
26
vulnerability VCID-t89y-c9hq-9bhk
27
vulnerability VCID-xv4d-ped2-4udz
28
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7
aliases CVE-2020-13672, GHSA-3m36-mjwj-352c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpzm-u3qp-akc8
37
url VCID-uq9s-79g7-rqh6
vulnerability_id VCID-uq9s-79g7-rqh6
summary 
Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
CVE-2020-28948
CVE-2020-28949

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.
references
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml
2
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
3
reference_url https://github.com/advisories/GHSA-gxxj-g9v8-w28p
reference_id GHSA-gxxj-g9v8-w28p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxxj-g9v8-w28p
fixed_packages
0
url pkg:composer/drupal/core@8.8.12
purl pkg:composer/drupal/core@8.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-7v89-2sss-hfaz
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-dav9-pgdh-8yey
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-pzp5-2bpz-jfe2
23
vulnerability VCID-qwge-qrwn-1faj
24
vulnerability VCID-rd4g-h1j9-23cb
25
vulnerability VCID-t89y-c9hq-9bhk
26
vulnerability VCID-tpzm-u3qp-akc8
27
vulnerability VCID-xv4d-ped2-4udz
28
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.12
1
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-67da-qxh5-aydx
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-a3s2-c4k2-4ufn
10
vulnerability VCID-a7ss-tkb6-gkge
11
vulnerability VCID-ard5-3cjv-1beu
12
vulnerability VCID-b266-wste-eqh6
13
vulnerability VCID-b8fw-ya7y-h7d8
14
vulnerability VCID-dav9-pgdh-8yey
15
vulnerability VCID-deks-ns51-nbdg
16
vulnerability VCID-dyhz-g3nv-yuc3
17
vulnerability VCID-egtv-y9w1-skgr
18
vulnerability VCID-hay8-hvsq-33bm
19
vulnerability VCID-hkch-a5yn-jyg1
20
vulnerability VCID-j7bj-atys-qfg3
21
vulnerability VCID-kzrs-mrga-nyej
22
vulnerability VCID-p54u-b18k-jyft
23
vulnerability VCID-pzp5-2bpz-jfe2
24
vulnerability VCID-qwge-qrwn-1faj
25
vulnerability VCID-rd4g-h1j9-23cb
26
vulnerability VCID-t89y-c9hq-9bhk
27
vulnerability VCID-tpzm-u3qp-akc8
28
vulnerability VCID-xv4d-ped2-4udz
29
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-a3s2-c4k2-4ufn
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-b266-wste-eqh6
10
vulnerability VCID-b8fw-ya7y-h7d8
11
vulnerability VCID-bge7-rqsx-gfee
12
vulnerability VCID-deks-ns51-nbdg
13
vulnerability VCID-dyhz-g3nv-yuc3
14
vulnerability VCID-egtv-y9w1-skgr
15
vulnerability VCID-hay8-hvsq-33bm
16
vulnerability VCID-hkch-a5yn-jyg1
17
vulnerability VCID-j7bj-atys-qfg3
18
vulnerability VCID-kzrs-mrga-nyej
19
vulnerability VCID-p54u-b18k-jyft
20
vulnerability VCID-qwge-qrwn-1faj
21
vulnerability VCID-rd4g-h1j9-23cb
22
vulnerability VCID-t89y-c9hq-9bhk
23
vulnerability VCID-tpzm-u3qp-akc8
24
vulnerability VCID-xv4d-ped2-4udz
25
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
aliases GHSA-gxxj-g9v8-w28p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uq9s-79g7-rqh6
38
url VCID-wsv7-je8g-sqet
vulnerability_id VCID-wsv7-je8g-sqet
summary 
Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 0.04504
scoring_system epss
scoring_elements 0.89338
published_at 2026-06-05T12:55:00Z
1
value 0.04504
scoring_system epss
scoring_elements 0.8932
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
7
reference_url https://www.drupal.org/sa-core-2020-012
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://www.drupal.org/sa-core-2020-012
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
reference_id CVE-2020-13671
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
12
reference_url https://github.com/advisories/GHSA-68jc-v27h-vhmw
reference_id GHSA-68jc-v27h-vhmw
reference_type
scores
url https://github.com/advisories/GHSA-68jc-v27h-vhmw
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
14
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
15
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.8.11
purl pkg:composer/drupal/core@8.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-6x4v-da7x-uyhh
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9dfs-rpqy-6kfa
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a7ss-tkb6-gkge
12
vulnerability VCID-ard5-3cjv-1beu
13
vulnerability VCID-b266-wste-eqh6
14
vulnerability VCID-b8fw-ya7y-h7d8
15
vulnerability VCID-dav9-pgdh-8yey
16
vulnerability VCID-deks-ns51-nbdg
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-egtv-y9w1-skgr
19
vulnerability VCID-hay8-hvsq-33bm
20
vulnerability VCID-hkch-a5yn-jyg1
21
vulnerability VCID-j7bj-atys-qfg3
22
vulnerability VCID-kzrs-mrga-nyej
23
vulnerability VCID-p54u-b18k-jyft
24
vulnerability VCID-pzp5-2bpz-jfe2
25
vulnerability VCID-qwge-qrwn-1faj
26
vulnerability VCID-rd4g-h1j9-23cb
27
vulnerability VCID-t89y-c9hq-9bhk
28
vulnerability VCID-tpzm-u3qp-akc8
29
vulnerability VCID-uq9s-79g7-rqh6
30
vulnerability VCID-xv4d-ped2-4udz
31
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.11
1
url pkg:composer/drupal/core@8.9.9
purl pkg:composer/drupal/core@8.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-3xk4-qwaq-5yaj
4
vulnerability VCID-4p4c-7rdc-37fa
5
vulnerability VCID-54qh-fz2a-cyh6
6
vulnerability VCID-5jy9-mhbb-nuh7
7
vulnerability VCID-67da-qxh5-aydx
8
vulnerability VCID-6x4v-da7x-uyhh
9
vulnerability VCID-7v89-2sss-hfaz
10
vulnerability VCID-9dfs-rpqy-6kfa
11
vulnerability VCID-a3s2-c4k2-4ufn
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ard5-3cjv-1beu
14
vulnerability VCID-b266-wste-eqh6
15
vulnerability VCID-b8fw-ya7y-h7d8
16
vulnerability VCID-dav9-pgdh-8yey
17
vulnerability VCID-deks-ns51-nbdg
18
vulnerability VCID-dyhz-g3nv-yuc3
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-hay8-hvsq-33bm
21
vulnerability VCID-hkch-a5yn-jyg1
22
vulnerability VCID-j7bj-atys-qfg3
23
vulnerability VCID-kzrs-mrga-nyej
24
vulnerability VCID-p54u-b18k-jyft
25
vulnerability VCID-pzp5-2bpz-jfe2
26
vulnerability VCID-qwge-qrwn-1faj
27
vulnerability VCID-rd4g-h1j9-23cb
28
vulnerability VCID-t89y-c9hq-9bhk
29
vulnerability VCID-tpzm-u3qp-akc8
30
vulnerability VCID-uq9s-79g7-rqh6
31
vulnerability VCID-xv4d-ped2-4udz
32
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9
2
url pkg:composer/drupal/core@9.0.8
purl pkg:composer/drupal/core@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-4p4c-7rdc-37fa
3
vulnerability VCID-54qh-fz2a-cyh6
4
vulnerability VCID-5jy9-mhbb-nuh7
5
vulnerability VCID-67da-qxh5-aydx
6
vulnerability VCID-6x4v-da7x-uyhh
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-a3s2-c4k2-4ufn
9
vulnerability VCID-a7ss-tkb6-gkge
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-b266-wste-eqh6
12
vulnerability VCID-b8fw-ya7y-h7d8
13
vulnerability VCID-bge7-rqsx-gfee
14
vulnerability VCID-deks-ns51-nbdg
15
vulnerability VCID-dyhz-g3nv-yuc3
16
vulnerability VCID-egtv-y9w1-skgr
17
vulnerability VCID-hay8-hvsq-33bm
18
vulnerability VCID-hkch-a5yn-jyg1
19
vulnerability VCID-j7bj-atys-qfg3
20
vulnerability VCID-kzrs-mrga-nyej
21
vulnerability VCID-p54u-b18k-jyft
22
vulnerability VCID-qwge-qrwn-1faj
23
vulnerability VCID-rd4g-h1j9-23cb
24
vulnerability VCID-t89y-c9hq-9bhk
25
vulnerability VCID-tpzm-u3qp-akc8
26
vulnerability VCID-uq9s-79g7-rqh6
27
vulnerability VCID-xv4d-ped2-4udz
28
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8
aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsv7-je8g-sqet
39
url VCID-wszp-2es5-z7fy
vulnerability_id VCID-wszp-2es5-z7fy
summary 
Moderately critical - Third-party libraries - SA-CORE-2019-007
The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
reference_id
reference_type
scores
0
value 0.28615
scoring_system epss
scoring_elements 0.96626
published_at 2026-06-05T12:55:00Z
1
value 0.28615
scoring_system epss
scoring_elements 0.96622
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11831
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
5
reference_url https://github.com/TYPO3/phar-stream-wrapper
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper
6
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
7
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
8
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
27
reference_url https://seclists.org/bugtraq/2019/May/36
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/36
28
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-007
29
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-psa-2019-007/
30
reference_url https://www.debian.org/security/2019/dsa-4445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4445
31
reference_url https://www.drupal.org/sa-core-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-007
32
reference_url https://www.drupal.org/SA-CORE-2019-007
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2019-007
33
reference_url https://www.synology.com/security/advisory/Synology_SA_19_22
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_22
34
reference_url http://www.securityfocus.com/bid/108302
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108302
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
reference_id CVE-2019-11831
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
36
reference_url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
reference_id GHSA-xv7v-rf6g-xwrc
reference_type
scores
url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
fixed_packages
0
url pkg:composer/drupal/core@8.6.16
purl pkg:composer/drupal/core@8.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3pj1-y73r-vyhh
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4q59-j6u4-qfhk
8
vulnerability VCID-5jy9-mhbb-nuh7
9
vulnerability VCID-67w7-gq9f-ukf1
10
vulnerability VCID-6s93-1cpz-yyg8
11
vulnerability VCID-7v89-2sss-hfaz
12
vulnerability VCID-a3s2-c4k2-4ufn
13
vulnerability VCID-a7ss-tkb6-gkge
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-avmn-kqky-83dd
16
vulnerability VCID-b8fw-ya7y-h7d8
17
vulnerability VCID-ckvk-xm4a-2qey
18
vulnerability VCID-dav9-pgdh-8yey
19
vulnerability VCID-deks-ns51-nbdg
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-egtv-y9w1-skgr
22
vulnerability VCID-hay8-hvsq-33bm
23
vulnerability VCID-hkch-a5yn-jyg1
24
vulnerability VCID-j7bj-atys-qfg3
25
vulnerability VCID-kzrs-mrga-nyej
26
vulnerability VCID-nacy-y1qt-5yhb
27
vulnerability VCID-p54u-b18k-jyft
28
vulnerability VCID-pzp5-2bpz-jfe2
29
vulnerability VCID-rd4g-h1j9-23cb
30
vulnerability VCID-t89y-c9hq-9bhk
31
vulnerability VCID-tpzm-u3qp-akc8
32
vulnerability VCID-uq9s-79g7-rqh6
33
vulnerability VCID-wsv7-je8g-sqet
34
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.16
1
url pkg:composer/drupal/core@8.7.1
purl pkg:composer/drupal/core@8.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5f-q858-huaw
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3pj1-y73r-vyhh
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4q59-j6u4-qfhk
8
vulnerability VCID-54qh-fz2a-cyh6
9
vulnerability VCID-5jy9-mhbb-nuh7
10
vulnerability VCID-67w7-gq9f-ukf1
11
vulnerability VCID-6s93-1cpz-yyg8
12
vulnerability VCID-7v89-2sss-hfaz
13
vulnerability VCID-a3s2-c4k2-4ufn
14
vulnerability VCID-a7ss-tkb6-gkge
15
vulnerability VCID-ard5-3cjv-1beu
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-b8fw-ya7y-h7d8
18
vulnerability VCID-ckvk-xm4a-2qey
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-deks-ns51-nbdg
21
vulnerability VCID-dyhz-g3nv-yuc3
22
vulnerability VCID-egtv-y9w1-skgr
23
vulnerability VCID-hay8-hvsq-33bm
24
vulnerability VCID-hkch-a5yn-jyg1
25
vulnerability VCID-j7bj-atys-qfg3
26
vulnerability VCID-jed8-4cv5-6bcr
27
vulnerability VCID-kzrs-mrga-nyej
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-p54u-b18k-jyft
30
vulnerability VCID-pzp5-2bpz-jfe2
31
vulnerability VCID-rd4g-h1j9-23cb
32
vulnerability VCID-t89y-c9hq-9bhk
33
vulnerability VCID-tp81-dw6e-9qah
34
vulnerability VCID-tpzm-u3qp-akc8
35
vulnerability VCID-uq9s-79g7-rqh6
36
vulnerability VCID-vjrr-h9sh-3bcu
37
vulnerability VCID-wsv7-je8g-sqet
38
vulnerability VCID-yq4q-hydz-vuga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1
aliases CVE-2019-11831, GHSA-xv7v-rf6g-xwrc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wszp-2es5-z7fy
40
url VCID-yq4q-hydz-vuga
vulnerability_id VCID-yq4q-hydz-vuga
summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33091
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13081
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2025-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/
url https://www.drupal.org/sa-core-2025-006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
reference_id CVE-2025-13081
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 4.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13081
4
reference_url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
reference_id GHSA-m6vv-vcj8-w8m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6vv-vcj8-w8m7
fixed_packages
0
url pkg:composer/drupal/core@10.4.9
purl pkg:composer/drupal/core@10.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9
1
url pkg:composer/drupal/core@10.5.6
purl pkg:composer/drupal/core@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6
2
url pkg:composer/drupal/core@11.1.9
purl pkg:composer/drupal/core@11.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9
3
url pkg:composer/drupal/core@11.2.8
purl pkg:composer/drupal/core@11.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8
aliases CVE-2025-13081, GHSA-m6vv-vcj8-w8m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq4q-hydz-vuga
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.7