{"url":"http://public2.vulnerablecode.io/api/packages/371902?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.0-1","type":"alpm","namespace":"archlinux","name":"drupal","version":"9.2.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.2.9-1","latest_non_vulnerable_version":"9.2.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12888?format=json","vulnerability_id":"VCID-77zc-1gc8-r7b7","summary":"Unrestricted Upload of File with Dangerous Type\nDrupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13675","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74172","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74077","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74069","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74095","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74117","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74079","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74102","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74159","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74164","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73948","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73955","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73986","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73999","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74003","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74035","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74044","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74036","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74068","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13675"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/sa-core-2021-008","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-008"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13675","reference_id":"CVE-2020-13675","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13675"},{"reference_url":"https://github.com/advisories/GHSA-v8wr-r69p-mmwx","reference_id":"GHSA-v8wr-r69p-mmwx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8wr-r69p-mmwx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13675","GHSA-v8wr-r69p-mmwx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77zc-1gc8-r7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12886?format=json","vulnerability_id":"VCID-bkxp-gn34-67av","summary":"Cross-Site Request Forgery (CSRF)\nThe QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the \"access in-place editing\" permission from untrusted users will not fully mitigate the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13674","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3375","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34208","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34242","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34229","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34195","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33823","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33665","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33707","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3364","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33716","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33741","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33968","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34336","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.342","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34243","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34272","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34231","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13674"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6"},{"reference_url":"https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c"},{"reference_url":"https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8"},{"reference_url":"https://www.drupal.org/sa-core-2021-007","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-007"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13674","reference_id":"CVE-2020-13674","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13674"},{"reference_url":"https://github.com/advisories/GHSA-j586-cj67-vg4p","reference_id":"GHSA-j586-cj67-vg4p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j586-cj67-vg4p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13674","GHSA-j586-cj67-vg4p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkxp-gn34-67av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12876?format=json","vulnerability_id":"VCID-fwbj-ctxz-2bc6","summary":"Incorrect Authorization\nThe QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13676","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51916","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51897","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51903","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51884","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51795","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51743","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51799","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51824","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51904","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51912","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51748","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51823","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51784","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51839","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51837","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51888","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51854","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13676"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b"},{"reference_url":"https://www.drupal.org/sa-core-2021-009","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-009"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13676","reference_id":"CVE-2020-13676","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13676"},{"reference_url":"https://github.com/advisories/GHSA-qfhg-m6r8-xxpj","reference_id":"GHSA-qfhg-m6r8-xxpj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qfhg-m6r8-xxpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13676","GHSA-qfhg-m6r8-xxpj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwbj-ctxz-2bc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/216559?format=json","vulnerability_id":"VCID-rbbv-82ff-mbcj","summary":"The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13673","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35007","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35432","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35457","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35341","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35355","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35394","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35382","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34985","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34863","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34936","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34973","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34876","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34903","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34991","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13673"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13673"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbbv-82ff-mbcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10975?format=json","vulnerability_id":"VCID-tk1v-t2e5-jqae","summary":"Improper Link Resolution Before File Access\nIn Archive_Tar, symlinks can refer to targets outside of the extracted archive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32610.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32610.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32610","reference_id":"","reference_type":"","scores":[{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86421","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86465","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86451","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86393","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86423","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02948","scoring_system":"epss","scoring_elements":"0.86403","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86705","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86689","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86671","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86649","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.8665","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86641","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86623","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.8663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86624","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86611","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86752","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86743","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86712","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86701","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03018","scoring_system":"epss","scoring_elements":"0.86753","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32610"},{"reference_url":"https://github.com/pear/Archive_Tar","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar"},{"reference_url":"https://github.com/pear/Archive_Tar/commit/7789ebb2f34f9e4adb3a4152ad0d1548930a9755","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar/commit/7789ebb2f34f9e4adb3a4152ad0d1548930a9755"},{"reference_url":"https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f"},{"reference_url":"https://github.com/pear/Archive_Tar/releases/tag/1.4.14","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pear/Archive_Tar/releases/tag/1.4.14"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00023.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5LTY6COQYNMMHQJ3QIOJHEWCKD4XDFH","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5LTY6COQYNMMHQJ3QIOJHEWCKD4XDFH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5LTY6COQYNMMHQJ3QIOJHEWCKD4XDFH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5LTY6COQYNMMHQJ3QIOJHEWCKD4XDFH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/"},{"reference_url":"https://www.drupal.org/sa-core-2021-004","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988558","reference_id":"1988558","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988558"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991541","reference_id":"991541","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991541"},{"reference_url":"https://security.archlinux.org/AVG-2224","reference_id":"AVG-2224","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2224"},{"reference_url":"https://security.archlinux.org/AVG-2225","reference_id":"AVG-2225","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2225"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32610","reference_id":"CVE-2021-32610","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32610"},{"reference_url":"https://github.com/advisories/GHSA-p8q8-jfcv-g2h2","reference_id":"GHSA-p8q8-jfcv-g2h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p8q8-jfcv-g2h2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7628","reference_id":"RHSA-2022:7628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7628"},{"reference_url":"https://usn.ubuntu.com/5027-1/","reference_id":"USN-5027-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5027-1/"},{"reference_url":"https://usn.ubuntu.com/5027-2/","reference_id":"USN-5027-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5027-2/"}],"fixed_packages":[],"aliases":["CVE-2021-32610","GHSA-p8q8-jfcv-g2h2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk1v-t2e5-jqae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12883?format=json","vulnerability_id":"VCID-w6cz-mg4v-3udj","summary":"Drupal core access bypass vulnerability\nUnder some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13677","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4168","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4184","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41768","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41689","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41548","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41618","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41634","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41544","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41571","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41647","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41655","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41898","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41926","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41913","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41902","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41938","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41912","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13677"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b"},{"reference_url":"https://www.drupal.org/sa-core-2021-010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2021-010"},{"reference_url":"https://security.archlinux.org/AVG-2407","reference_id":"AVG-2407","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2407"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13677","reference_id":"CVE-2020-13677","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13677"},{"reference_url":"https://github.com/advisories/GHSA-3xr3-phjp-g6p2","reference_id":"GHSA-3xr3-phjp-g6p2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3xr3-phjp-g6p2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371903?format=json","purl":"pkg:alpm/archlinux/drupal@9.2.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x92-vapt-n7dz"},{"vulnerability":"VCID-8hvk-a5es-v3e4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1"}],"aliases":["CVE-2020-13677","GHSA-3xr3-phjp-g6p2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6cz-mg4v-3udj"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.0-1"}