Look up vulnerable packages by Package URL.

Purl pkg:composer/drupal/core@8.9.3
Type composer
Namespace drupal
Name core
Version 8.9.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 9.4.14
Latest_non_vulnerable_version 11.3.7
Affected_by_vulnerabilities
0
url VCID-2fas-m6vh-myhc
vulnerability_id VCID-2fas-m6vh-myhc
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41744
published_at 2026-06-04T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.4182
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13677
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b
3
reference_url https://www.drupal.org/sa-core-2021-010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-010
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
reference_id CVE-2020-13677
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13677
6
reference_url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
reference_id GHSA-3xr3-phjp-g6p2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3xr3-phjp-g6p2
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-egtv-y9w1-skgr
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-5nbj-5x5a-93hz
3
vulnerability VCID-a7ss-tkb6-gkge
4
vulnerability VCID-ard5-3cjv-1beu
5
vulnerability VCID-bge7-rqsx-gfee
6
vulnerability VCID-dyhz-g3nv-yuc3
7
vulnerability VCID-egtv-y9w1-skgr
8
vulnerability VCID-hkch-a5yn-jyg1
9
vulnerability VCID-rd4g-h1j9-23cb
10
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13677, GHSA-3xr3-phjp-g6p2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fas-m6vh-myhc
1
url VCID-2t34-82p3-73c3
vulnerability_id VCID-2t34-82p3-73c3
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52072
published_at 2026-06-04T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.52133
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13676
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
3
reference_url https://www.drupal.org/sa-core-2021-009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-009
4
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
reference_id CVE-2020-13676
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13676
6
reference_url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
reference_id GHSA-qfhg-m6r8-xxpj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfhg-m6r8-xxpj
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-egtv-y9w1-skgr
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-5nbj-5x5a-93hz
3
vulnerability VCID-a7ss-tkb6-gkge
4
vulnerability VCID-ard5-3cjv-1beu
5
vulnerability VCID-bge7-rqsx-gfee
6
vulnerability VCID-dyhz-g3nv-yuc3
7
vulnerability VCID-egtv-y9w1-skgr
8
vulnerability VCID-hkch-a5yn-jyg1
9
vulnerability VCID-rd4g-h1j9-23cb
10
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13676, GHSA-qfhg-m6r8-xxpj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2t34-82p3-73c3
2
url VCID-31qy-vagp-83b6
vulnerability_id VCID-31qy-vagp-83b6
summary
Exposure of Resource to Wrong Sphere
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62662
published_at 2026-06-04T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62706
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13670
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d
3
reference_url https://www.drupal.org/sa-core-2020-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-011
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
reference_id CVE-2020-13670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13670
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
reference_id CVE-2020-13670.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml
7
reference_url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
reference_id GHSA-mmjr-5q74-p3m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmjr-5q74-p3m4
fixed_packages
0
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-9dfs-rpqy-6kfa
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-dyhz-g3nv-yuc3
11
vulnerability VCID-egtv-y9w1-skgr
12
vulnerability VCID-hkch-a5yn-jyg1
13
vulnerability VCID-rd4g-h1j9-23cb
14
vulnerability VCID-tpzm-u3qp-akc8
15
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
1
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
12
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13670, GHSA-mmjr-5q74-p3m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31qy-vagp-83b6
3
url VCID-3xk4-qwaq-5yaj
vulnerability_id VCID-3xk4-qwaq-5yaj
summary
Improper Access Control
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
reference_id
reference_type
scores
0
value 0.00479
scoring_system epss
scoring_elements 0.6539
published_at 2026-06-04T12:55:00Z
1
value 0.00479
scoring_system epss
scoring_elements 0.65441
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25278
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-013
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/
url https://www.drupal.org/sa-core-2022-013
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
reference_id CVE-2022-25278
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25278
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
reference_id CVE-2022-25278.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml
5
reference_url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
reference_id GHSA-cfh2-7f6h-3m85
reference_type
scores
url https://github.com/advisories/GHSA-cfh2-7f6h-3m85
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25278, GHSA-cfh2-7f6h-3m85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xk4-qwaq-5yaj
4
url VCID-5jy9-mhbb-nuh7
vulnerability_id VCID-5jy9-mhbb-nuh7
summary
Deserialization of Untrusted Data
Archive_Tar allows an unserialization attack because its check for the phar: stream-wrapper prefix is case-sensitive: phar: is blocked but PHAR: is not blocked.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
reference_id
reference_type
scores
0
value 0.76873
scoring_system epss
scoring_elements 0.98976
published_at 2026-06-05T12:55:00Z
1
value 0.76873
scoring_system epss
scoring_elements 0.98975
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28948
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
6
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/33
7
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
14
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-23
15
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4817
16
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id 1904001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1904001
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
reference_id CVE-2020-28948
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28948
20
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
21
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
22
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
23
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
24
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
25
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-67da-qxh5-aydx
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-a7ss-tkb6-gkge
6
vulnerability VCID-ard5-3cjv-1beu
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-dyhz-g3nv-yuc3
9
vulnerability VCID-egtv-y9w1-skgr
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-rd4g-h1j9-23cb
12
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
1
url pkg:composer/drupal/core@9.0.0-alpha1
purl pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-egtv-y9w1-skgr
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-67da-qxh5-aydx
2
vulnerability VCID-a7ss-tkb6-gkge
3
vulnerability VCID-ard5-3cjv-1beu
4
vulnerability VCID-bge7-rqsx-gfee
5
vulnerability VCID-dyhz-g3nv-yuc3
6
vulnerability VCID-egtv-y9w1-skgr
7
vulnerability VCID-hkch-a5yn-jyg1
8
vulnerability VCID-rd4g-h1j9-23cb
9
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
3
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jy9-mhbb-nuh7
5
url VCID-67da-qxh5-aydx
vulnerability_id VCID-67da-qxh5-aydx
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36193.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36193
reference_id
reference_type
scores
0
value 0.71148
scoring_system epss
scoring_elements 0.9873
published_at 2026-06-04T12:55:00Z
1
value 0.71148
scoring_system epss
scoring_elements 0.98731
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36193
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
5
reference_url https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
6
reference_url https://github.com/pear/Archive_Tar/issues/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/issues/35
7
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
17
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://security.gentoo.org/glsa/202101-23
18
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-36193
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-36193
19
reference_url https://www.debian.org/security/2021/dsa-4894
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://www.debian.org/security/2021/dsa-4894
20
reference_url https://www.drupal.org/sa-core-2021-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://www.drupal.org/sa-core-2021-001
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1942961
reference_id 1942961
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1942961
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
reference_id 42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428
reference_id 980428
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428
24
reference_url https://security.archlinux.org/ASA-202102-7
reference_id ASA-202102-7
reference_type
scores
url https://security.archlinux.org/ASA-202102-7
25
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
26
reference_url https://security.archlinux.org/AVG-1464
reference_id AVG-1464
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1464
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36193
reference_id CVE-2020-36193
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36193
28
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-36193.yaml
reference_id CVE-2020-36193.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-36193.yaml
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/
reference_id FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2/
30
reference_url https://github.com/advisories/GHSA-rpw6-9xfx-jvcx
reference_id GHSA-rpw6-9xfx-jvcx
reference_type
scores
url https://github.com/advisories/GHSA-rpw6-9xfx-jvcx
31
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
32
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
33
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
34
reference_url https://usn.ubuntu.com/4723-1/
reference_id USN-4723-1
reference_type
scores
url https://usn.ubuntu.com/4723-1/
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
reference_id VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/
reference_id YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-04T20:21:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKD5WEFA4WT6AVTMRAYBNXZNLWZHM7FH/
fixed_packages
0
url pkg:composer/drupal/core@8.9.13
purl pkg:composer/drupal/core@8.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.13
1
url pkg:composer/drupal/core@9.0.0-alpha1
purl pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-egtv-y9w1-skgr
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1
2
url pkg:composer/drupal/core@9.0.11
purl pkg:composer/drupal/core@9.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
8
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.11
3
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
4
url pkg:composer/drupal/core@9.1.3
purl pkg:composer/drupal/core@9.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-dyhz-g3nv-yuc3
9
vulnerability VCID-egtv-y9w1-skgr
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-rd4g-h1j9-23cb
12
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.3
aliases CVE-2020-36193, GHSA-rpw6-9xfx-jvcx
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67da-qxh5-aydx
6
url VCID-7v89-2sss-hfaz
vulnerability_id VCID-7v89-2sss-hfaz
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.3383
published_at 2026-06-04T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33934
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13674
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
3
reference_url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
4
reference_url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
5
reference_url https://www.drupal.org/sa-core-2021-007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-007
6
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
reference_id CVE-2020-13674
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13674
8
reference_url https://github.com/advisories/GHSA-j586-cj67-vg4p
reference_id GHSA-j586-cj67-vg4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j586-cj67-vg4p
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-egtv-y9w1-skgr
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-5nbj-5x5a-93hz
3
vulnerability VCID-a7ss-tkb6-gkge
4
vulnerability VCID-ard5-3cjv-1beu
5
vulnerability VCID-bge7-rqsx-gfee
6
vulnerability VCID-dyhz-g3nv-yuc3
7
vulnerability VCID-egtv-y9w1-skgr
8
vulnerability VCID-hkch-a5yn-jyg1
9
vulnerability VCID-rd4g-h1j9-23cb
10
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13674, GHSA-j586-cj67-vg4p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v89-2sss-hfaz
7
url VCID-9dfs-rpqy-6kfa
vulnerability_id VCID-9dfs-rpqy-6kfa
summary
Injection Vulnerability
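archive_tar sanitizes `://` in filenames only to address phar attacks, so any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. The check is in effect a denylist for one wrapper rather than a general rejection of stream-wrapper prefixes in filenames.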
references
0
reference_url http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28949
reference_id
reference_type
scores
0
value 0.93364
scoring_system epss
scoring_elements 0.99822
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28949
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
5
reference_url https://github.com/pear/Archive_Tar
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar
6
reference_url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
7
reference_url https://github.com/pear/Archive_Tar/issues/33
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://github.com/pear/Archive_Tar/issues/33
8
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
21
reference_url https://security.gentoo.org/glsa/202101-23
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://security.gentoo.org/glsa/202101-23
22
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949
23
reference_url https://www.debian.org/security/2020/dsa-4817
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://www.debian.org/security/2020/dsa-4817
24
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://www.drupal.org/sa-core-2020-013
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1910323
reference_id 1910323
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1910323
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
reference_id 42GPGVVFTLJYAKRI75IVB5R45NYQGEUR
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
reference_id 4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
29
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id 976108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28949
reference_id CVE-2020-28949
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28949
31
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml
reference_id CVE-2020-28949.YAML
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml
32
reference_url https://github.com/advisories/GHSA-75c5-f4gw-38r9
reference_id GHSA-75c5-f4gw-38r9
reference_type
scores
url https://github.com/advisories/GHSA-75c5-f4gw-38r9
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
reference_id NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
35
reference_url https://access.redhat.com/errata/RHSA-2022:6541
reference_id RHSA-2022:6541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6541
36
reference_url https://access.redhat.com/errata/RHSA-2022:6542
reference_id RHSA-2022:6542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6542
37
reference_url https://access.redhat.com/errata/RHSA-2022:7340
reference_id RHSA-2022:7340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7340
38
reference_url https://usn.ubuntu.com/4654-1/
reference_id USN-4654-1
reference_type
scores
url https://usn.ubuntu.com/4654-1/
39
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
40
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
reference_id VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
fixed_packages
0
url pkg:composer/drupal/core@8.9.10
purl pkg:composer/drupal/core@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-67da-qxh5-aydx
4
vulnerability VCID-7v89-2sss-hfaz
5
vulnerability VCID-a7ss-tkb6-gkge
6
vulnerability VCID-ard5-3cjv-1beu
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-dyhz-g3nv-yuc3
9
vulnerability VCID-egtv-y9w1-skgr
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-rd4g-h1j9-23cb
12
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10
1
url pkg:composer/drupal/core@9.0.0-alpha1
purl pkg:composer/drupal/core@9.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-egtv-y9w1-skgr
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1
2
url pkg:composer/drupal/core@9.0.9
purl pkg:composer/drupal/core@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-67da-qxh5-aydx
2
vulnerability VCID-a7ss-tkb6-gkge
3
vulnerability VCID-ard5-3cjv-1beu
4
vulnerability VCID-bge7-rqsx-gfee
5
vulnerability VCID-dyhz-g3nv-yuc3
6
vulnerability VCID-egtv-y9w1-skgr
7
vulnerability VCID-hkch-a5yn-jyg1
8
vulnerability VCID-rd4g-h1j9-23cb
9
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9
3
url pkg:composer/drupal/core@9.1.0-alpha1
purl pkg:composer/drupal/core@9.1.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1
aliases CVE-2020-28949, GHSA-75c5-f4gw-38r9
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dfs-rpqy-6kfa
8
url VCID-9rmk-e8zd-9bcw
vulnerability_id VCID-9rmk-e8zd-9bcw
summary
Incorrect Default Permissions
Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module does not sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13667
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34495
published_at 2026-06-05T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34397
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13667
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13667.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13667.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13667.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13667.yaml
4
reference_url https://www.drupal.org/sa-core-2020-008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-008
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13667
reference_id CVE-2020-13667
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13667
6
reference_url https://github.com/advisories/GHSA-x2q9-r8gm-f657
reference_id GHSA-x2q9-r8gm-f657
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2q9-r8gm-f657
fixed_packages
0
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-9dfs-rpqy-6kfa
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-dyhz-g3nv-yuc3
11
vulnerability VCID-egtv-y9w1-skgr
12
vulnerability VCID-hkch-a5yn-jyg1
13
vulnerability VCID-rd4g-h1j9-23cb
14
vulnerability VCID-tpzm-u3qp-akc8
15
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
1
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
12
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13667, GHSA-x2q9-r8gm-f657
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9rmk-e8zd-9bcw
9
url VCID-a7ss-tkb6-gkge
vulnerability_id VCID-a7ss-tkb6-gkge
summary
Improper access control
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
reference_id
reference_type
scores
0
value 0.00579
scoring_system epss
scoring_elements 0.69245
published_at 2026-06-04T12:55:00Z
1
value 0.00579
scoring_system epss
scoring_elements 0.69285
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25275
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf
3
reference_url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116
4
reference_url https://www.drupal.org/sa-core-2022-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/
url https://www.drupal.org/sa-core-2022-012
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
reference_id CVE-2022-25275
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25275
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
reference_id CVE-2022-25275.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml
7
reference_url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
reference_id GHSA-xh3v-6f9j-wxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh3v-6f9j-wxw3
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ss-tkb6-gkge
10
url VCID-ard5-3cjv-1beu
vulnerability_id VCID-ard5-3cjv-1beu
summary
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in Drupal. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
reference_id
reference_type
scores
0
value 0.00931
scoring_system epss
scoring_elements 0.76518
published_at 2026-06-05T12:55:00Z
1
value 0.00931
scoring_system epss
scoring_elements 0.76489
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
3
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
4
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
5
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
6
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://www.drupal.org/sa-core-2022-006
7
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id 1008236
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
10
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
11
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
12
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
fixed_packages
0
url pkg:composer/drupal/core@9.2.16
purl pkg:composer/drupal/core@9.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5nbj-5x5a-93hz
2
vulnerability VCID-a7ss-tkb6-gkge
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16
1
url pkg:composer/drupal/core@9.3.0-alpha1
purl pkg:composer/drupal/core@9.3.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-bge7-rqsx-gfee
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-hkch-a5yn-jyg1
5
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1
2
url pkg:composer/drupal/core@9.3.9
purl pkg:composer/drupal/core@9.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5nbj-5x5a-93hz
2
vulnerability VCID-a7ss-tkb6-gkge
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-g1ew-tnk9-cuh7
7
vulnerability VCID-hkch-a5yn-jyg1
8
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9
3
url pkg:composer/drupal/core@10.0.0-alpha1
purl pkg:composer/drupal/core@10.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ard5-3cjv-1beu
11
url VCID-avmn-kqky-83dd
vulnerability_id VCID-avmn-kqky-83dd
summary
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows an attacker to inject XSS. This issue affects Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42349
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42424
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13669
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-010
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
reference_id CVE-2020-13669
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13669
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
reference_id CVE-2020-13669.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
6
reference_url https://github.com/advisories/GHSA-c533-c843-67h8
reference_id GHSA-c533-c843-67h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c533-c843-67h8
fixed_packages
0
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-9dfs-rpqy-6kfa
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-dyhz-g3nv-yuc3
11
vulnerability VCID-egtv-y9w1-skgr
12
vulnerability VCID-hkch-a5yn-jyg1
13
vulnerability VCID-rd4g-h1j9-23cb
14
vulnerability VCID-tpzm-u3qp-akc8
15
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
1
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
12
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13669, GHSA-c533-c843-67h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avmn-kqky-83dd
12
url VCID-dav9-pgdh-8yey
vulnerability_id VCID-dav9-pgdh-8yey
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
reference_id
reference_type
scores
0
value 0.00797
scoring_system epss
scoring_elements 0.74383
published_at 2026-06-05T12:55:00Z
1
value 0.00797
scoring_system epss
scoring_elements 0.7435
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13675
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-008
3
reference_url https://security.archlinux.org/AVG-2407
reference_id AVG-2407
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2407
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
reference_id CVE-2020-13675
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13675
5
reference_url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
reference_id GHSA-v8wr-r69p-mmwx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8wr-r69p-mmwx
fixed_packages
0
url pkg:composer/drupal/core@8.9.19
purl pkg:composer/drupal/core@8.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-dyhz-g3nv-yuc3
4
vulnerability VCID-egtv-y9w1-skgr
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19
1
url pkg:composer/drupal/core@9.1.13
purl pkg:composer/drupal/core@9.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13
2
url pkg:composer/drupal/core@9.2.6
purl pkg:composer/drupal/core@9.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-3xk4-qwaq-5yaj
2
vulnerability VCID-5nbj-5x5a-93hz
3
vulnerability VCID-a7ss-tkb6-gkge
4
vulnerability VCID-ard5-3cjv-1beu
5
vulnerability VCID-bge7-rqsx-gfee
6
vulnerability VCID-dyhz-g3nv-yuc3
7
vulnerability VCID-egtv-y9w1-skgr
8
vulnerability VCID-hkch-a5yn-jyg1
9
vulnerability VCID-rd4g-h1j9-23cb
10
vulnerability VCID-ydy1-x277-1fhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6
aliases CVE-2020-13675, GHSA-v8wr-r69p-mmwx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dav9-pgdh-8yey
13
url VCID-dyhz-g3nv-yuc3
vulnerability_id VCID-dyhz-g3nv-yuc3
summary
Lack of domain validation in Drupal core
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
reference_id
reference_type
scores
0
value 0.01831
scoring_system epss
scoring_elements 0.83257
published_at 2026-06-04T12:55:00Z
1
value 0.01831
scoring_system epss
scoring_elements 0.83283
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25276
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2022-015
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
reference_id CVE-2022-25276
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25276
4
reference_url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
reference_id GHSA-4wfq-jc9h-vpcx
reference_type
scores
url https://github.com/advisories/GHSA-4wfq-jc9h-vpcx
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25276, GHSA-4wfq-jc9h-vpcx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhz-g3nv-yuc3
14
url VCID-egtv-y9w1-skgr
vulnerability_id VCID-egtv-y9w1-skgr
summary
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
reference_id
reference_type
scores
0
value 0.0047
scoring_system epss
scoring_elements 0.64955
published_at 2026-06-05T12:55:00Z
1
value 0.0047
scoring_system epss
scoring_elements 0.64912
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/
url https://www.drupal.org/sa-core-2022-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
4
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/core@9.2.18
purl pkg:composer/drupal/core@9.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5nbj-5x5a-93hz
2
vulnerability VCID-a7ss-tkb6-gkge
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.18
1
url pkg:composer/drupal/core@9.3.12
purl pkg:composer/drupal/core@9.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5nbj-5x5a-93hz
2
vulnerability VCID-a7ss-tkb6-gkge
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-hkch-a5yn-jyg1
6
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egtv-y9w1-skgr
15
url VCID-hkch-a5yn-jyg1
vulnerability_id VCID-hkch-a5yn-jyg1
summary Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
reference_id
reference_type
scores
0
value 0.09505
scoring_system epss
scoring_elements 0.92989
published_at 2026-06-04T12:55:00Z
1
value 0.09505
scoring_system epss
scoring_elements 0.93
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39261
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml
3
reference_url https://github.com/twigphp/Twig
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twigphp/Twig
4
reference_url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b
5
reference_url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
6
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39261
20
reference_url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader
21
reference_url https://www.debian.org/security/2022/dsa-5248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.debian.org/security/2022/dsa-5248
22
reference_url https://www.drupal.org/sa-core-2022-016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://www.drupal.org/sa-core-2022-016
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
reference_id 1020991
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id 2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
26
reference_url https://github.com/advisories/GHSA-52m2-vc4m-jj33
reference_id GHSA-52m2-vc4m-jj33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52m2-vc4m-jj33
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
29
reference_url https://usn.ubuntu.com/5947-1/
reference_id USN-5947-1
reference_type
scores
url https://usn.ubuntu.com/5947-1/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
fixed_packages
0
url pkg:composer/drupal/core@9.3.22
purl pkg:composer/drupal/core@9.3.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.22
1
url pkg:composer/drupal/core@9.4.0-alpha1
purl pkg:composer/drupal/core@9.4.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1
2
url pkg:composer/drupal/core@9.4.7
purl pkg:composer/drupal/core@9.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.7
3
url pkg:composer/drupal/core@9.5.0-beta1
purl pkg:composer/drupal/core@9.5.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1
aliases CVE-2022-39261, GHSA-52m2-vc4m-jj33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkch-a5yn-jyg1
16
url VCID-nacy-y1qt-5yhb
vulnerability_id VCID-nacy-y1qt-5yhb
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44935
published_at 2026-06-04T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45004
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13668
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
3
reference_url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
4
reference_url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
5
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
reference_id CVE-2020-13668
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13668
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
reference_id CVE-2020-13668.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
9
reference_url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
reference_id GHSA-m6q5-wv4x-fv6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6q5-wv4x-fv6h
fixed_packages
0
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-9dfs-rpqy-6kfa
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-dyhz-g3nv-yuc3
11
vulnerability VCID-egtv-y9w1-skgr
12
vulnerability VCID-hkch-a5yn-jyg1
13
vulnerability VCID-rd4g-h1j9-23cb
14
vulnerability VCID-tpzm-u3qp-akc8
15
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
1
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
12
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13668, GHSA-m6q5-wv4x-fv6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nacy-y1qt-5yhb
17
url VCID-rd4g-h1j9-23cb
vulnerability_id VCID-rd4g-h1j9-23cb
summary
Unrestricted Upload of File with Dangerous Type
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
reference_id
reference_type
scores
0
value 0.02448
scoring_system epss
scoring_elements 0.85496
published_at 2026-06-05T12:55:00Z
1
value 0.02448
scoring_system epss
scoring_elements 0.85472
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25277
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17
3
reference_url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a
4
reference_url https://www.drupal.org/sa-core-2022-014
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/
url https://www.drupal.org/sa-core-2022-014
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
reference_id CVE-2022-25277
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25277
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
reference_id CVE-2022-25277.YAML
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml
7
reference_url https://github.com/advisories/GHSA-6955-67hm-vjjq
reference_id GHSA-6955-67hm-vjjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6955-67hm-vjjq
fixed_packages
0
url pkg:composer/drupal/core@9.3.19
purl pkg:composer/drupal/core@9.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19
1
url pkg:composer/drupal/core@9.4.3
purl pkg:composer/drupal/core@9.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bge7-rqsx-gfee
1
vulnerability VCID-hkch-a5yn-jyg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3
aliases CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4g-h1j9-23cb
18
url VCID-sg4r-hncm-dqcq
vulnerability_id VCID-sg4r-hncm-dqcq
summary
Cross-site Scripting
A cross-site scripting vulnerability exists in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13666
reference_id
reference_type
scores
0
value 0.00509
scoring_system epss
scoring_elements 0.66703
published_at 2026-06-04T12:55:00Z
1
value 0.00509
scoring_system epss
scoring_elements 0.66744
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13666
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml
4
reference_url https://www.drupal.org/sa-core-2020-007
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13666
reference_id CVE-2020-13666
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13666
6
reference_url https://github.com/advisories/GHSA-8jj2-x2gc-ggm7
reference_id GHSA-8jj2-x2gc-ggm7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jj2-x2gc-ggm7
fixed_packages
0
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-9dfs-rpqy-6kfa
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-dyhz-g3nv-yuc3
11
vulnerability VCID-egtv-y9w1-skgr
12
vulnerability VCID-hkch-a5yn-jyg1
13
vulnerability VCID-rd4g-h1j9-23cb
14
vulnerability VCID-tpzm-u3qp-akc8
15
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
1
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
12
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13666, GHSA-8jj2-x2gc-ggm7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg4r-hncm-dqcq
19
url VCID-tpzm-u3qp-akc8
vulnerability_id VCID-tpzm-u3qp-akc8
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.6851
published_at 2026-06-05T12:55:00Z
1
value 0.00555
scoring_system epss
scoring_elements 0.68469
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13672
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2021-002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-002
3
reference_url https://security.archlinux.org/AVG-1463
reference_id AVG-1463
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1463
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
reference_id CVE-2020-13672
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13672
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
reference_id CVE-2020-13672.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
7
reference_url https://github.com/advisories/GHSA-3m36-mjwj-352c
reference_id GHSA-3m36-mjwj-352c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m36-mjwj-352c
fixed_packages
0
url pkg:composer/drupal/core@8.9.14
purl pkg:composer/drupal/core@8.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-dav9-pgdh-8yey
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14
1
url pkg:composer/drupal/core@9.0.12
purl pkg:composer/drupal/core@9.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-a7ss-tkb6-gkge
2
vulnerability VCID-ard5-3cjv-1beu
3
vulnerability VCID-bge7-rqsx-gfee
4
vulnerability VCID-dyhz-g3nv-yuc3
5
vulnerability VCID-egtv-y9w1-skgr
6
vulnerability VCID-hkch-a5yn-jyg1
7
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12
2
url pkg:composer/drupal/core@9.1.7
purl pkg:composer/drupal/core@9.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-7v89-2sss-hfaz
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dav9-pgdh-8yey
8
vulnerability VCID-dyhz-g3nv-yuc3
9
vulnerability VCID-egtv-y9w1-skgr
10
vulnerability VCID-hkch-a5yn-jyg1
11
vulnerability VCID-rd4g-h1j9-23cb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7
aliases CVE-2020-13672, GHSA-3m36-mjwj-352c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpzm-u3qp-akc8
20
url VCID-wsv7-je8g-sqet
vulnerability_id VCID-wsv7-je8g-sqet
summary
Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as having the wrong extension and then served with the wrong MIME type or, for certain hosting configurations, executed as PHP. This issue affects Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 0.04504
scoring_system epss
scoring_elements 0.89338
published_at 2026-06-05T12:55:00Z
1
value 0.04504
scoring_system epss
scoring_elements 0.8932
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13671
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671
7
reference_url https://www.drupal.org/sa-core-2020-012
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://www.drupal.org/sa-core-2020-012
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id 5KSFM672XW3X6BR7TVKRD63SLZGKK437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
reference_id CVE-2020-13671
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13671
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
reference_id CVE-2020-13671.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml
12
reference_url https://github.com/advisories/GHSA-68jc-v27h-vhmw
reference_id GHSA-68jc-v27h-vhmw
reference_type
scores
url https://github.com/advisories/GHSA-68jc-v27h-vhmw
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
14
reference_url https://usn.ubuntu.com/6981-1/
reference_id USN-6981-1
reference_type
scores
url https://usn.ubuntu.com/6981-1/
15
reference_url https://usn.ubuntu.com/6981-2/
reference_id USN-6981-2
reference_type
scores
url https://usn.ubuntu.com/6981-2/
fixed_packages
0
url pkg:composer/drupal/core@8.9.9
purl pkg:composer/drupal/core@8.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-9dfs-rpqy-6kfa
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-dyhz-g3nv-yuc3
11
vulnerability VCID-egtv-y9w1-skgr
12
vulnerability VCID-hkch-a5yn-jyg1
13
vulnerability VCID-rd4g-h1j9-23cb
14
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9
1
url pkg:composer/drupal/core@9.0.8
purl pkg:composer/drupal/core@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8
aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsv7-je8g-sqet
21
url VCID-zr84-4jzv-2fd3
vulnerability_id VCID-zr84-4jzv-2fd3
summary
Cross-site Scripting
A cross-site scripting vulnerability in Drupal Core allows an attacker to exploit the way that HTML is rendered for affected forms.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13688
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.56974
published_at 2026-06-04T12:55:00Z
1
value 0.0034
scoring_system epss
scoring_elements 0.57026
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13688
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2020-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-009
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13688
reference_id CVE-2020-13688
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13688
4
reference_url https://github.com/advisories/GHSA-qf2g-mrrx-rr5p
reference_id GHSA-qf2g-mrrx-rr5p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qf2g-mrrx-rr5p
fixed_packages
0
url pkg:composer/drupal/core@8.9.6
purl pkg:composer/drupal/core@8.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fas-m6vh-myhc
1
vulnerability VCID-2t34-82p3-73c3
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-5jy9-mhbb-nuh7
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-7v89-2sss-hfaz
6
vulnerability VCID-9dfs-rpqy-6kfa
7
vulnerability VCID-a7ss-tkb6-gkge
8
vulnerability VCID-ard5-3cjv-1beu
9
vulnerability VCID-dav9-pgdh-8yey
10
vulnerability VCID-dyhz-g3nv-yuc3
11
vulnerability VCID-egtv-y9w1-skgr
12
vulnerability VCID-hkch-a5yn-jyg1
13
vulnerability VCID-rd4g-h1j9-23cb
14
vulnerability VCID-tpzm-u3qp-akc8
15
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6
1
url pkg:composer/drupal/core@9.0.6
purl pkg:composer/drupal/core@9.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xk4-qwaq-5yaj
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-a7ss-tkb6-gkge
5
vulnerability VCID-ard5-3cjv-1beu
6
vulnerability VCID-bge7-rqsx-gfee
7
vulnerability VCID-dyhz-g3nv-yuc3
8
vulnerability VCID-egtv-y9w1-skgr
9
vulnerability VCID-hkch-a5yn-jyg1
10
vulnerability VCID-rd4g-h1j9-23cb
11
vulnerability VCID-tpzm-u3qp-akc8
12
vulnerability VCID-wsv7-je8g-sqet
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6
aliases CVE-2020-13688, GHSA-qf2g-mrrx-rr5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr84-4jzv-2fd3
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.3