{"url":"http://public2.vulnerablecode.io/api/packages/409421?format=json","purl":"pkg:composer/drupal/drupal@8.0.0-rc1","type":"composer","namespace":"drupal","name":"drupal","version":"8.0.0-rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.2.11","latest_non_vulnerable_version":"11.0.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287070?format=json","vulnerability_id":"VCID-335n-fzp7-k7bc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7572","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48987","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48851","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7572"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7572","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7572"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-004","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2016-004"},{"reference_url":"http://www.securityfocus.com/bid/93101","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/93101"},{"reference_url":"http://www.securitytracker.com/id/1036886","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1036886"},{"reference_url":"https://github.com/advisories/GHSA-fmqh-2j2x-vgp3","reference_id":"GHSA-fmqh-2j2x-vgp3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fmqh-2j2x-vgp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385246?format=json","purl":"pkg:composer/drupal/drupal@8.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-3avj-j2h8-qbhh"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-75bq-ccux-afdn"},{"vulnerability":"VCID-7mhn-vstn-bqh5"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-e427-q7jy-1uad"},{"vulnerability":"VCID-e569-xntr-mkgm"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-jbd8-jvfd-cbbx"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-mjjh-e7up-6ubf"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-ukak-793e-m3gx"},{"vulnerability":"VCID-v3nf-tw9b-13c1"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-xyu6-aqjk-r7g7"},{"vulnerability":"VCID-yj7d-w9vg-23dn"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10"}],"aliases":["CVE-2016-7572","GHSA-fmqh-2j2x-vgp3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-335n-fzp7-k7bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287069?format=json","vulnerability_id":"VCID-5ytn-jezc-bfdq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7571","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60591","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60485","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7571"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7571","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7571"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-004","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2016-004"},{"reference_url":"http://www.securityfocus.com/bid/93101","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/93101"},{"reference_url":"http://www.securitytracker.com/id/1036886","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1036886"},{"reference_url":"https://github.com/advisories/GHSA-vhg8-x858-7wq6","reference_id":"GHSA-vhg8-x858-7wq6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhg8-x858-7wq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385246?format=json","purl":"pkg:composer/drupal/drupal@8.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-3avj-j2h8-qbhh"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-75bq-ccux-afdn"},{"vulnerability":"VCID-7mhn-vstn-bqh5"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-e427-q7jy-1uad"},{"vulnerability":"VCID-e569-xntr-mkgm"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-jbd8-jvfd-cbbx"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-mjjh-e7up-6ubf"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-ukak-793e-m3gx"},{"vulnerability":"VCID-v3nf-tw9b-13c1"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-xyu6-aqjk-r7g7"},{"vulnerability":"VCID-yj7d-w9vg-23dn"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10"}],"aliases":["CVE-2016-7571","GHSA-vhg8-x858-7wq6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ytn-jezc-bfdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172336?format=json","vulnerability_id":"VCID-75bq-ccux-afdn","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6922","reference_id":"","reference_type":"","scores":[{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82777","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82715","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.debian.org/security/2017/dsa-3897","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-3897"},{"reference_url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"},{"reference_url":"https://www.drupal.org/SA-CORE-2017-003","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2017-003"},{"reference_url":"http://www.securityfocus.com/bid/99219","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/99219"},{"reference_url":"http://www.securitytracker.com/id/1038781","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038781"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6922","reference_id":"CVE-2017-6922","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6922"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml","reference_id":"CVE-2017-6922.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml","reference_id":"CVE-2017-6922.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml"},{"reference_url":"https://github.com/advisories/GHSA-58f3-cx8p-h8jg","reference_id":"GHSA-58f3-cx8p-h8jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58f3-cx8p-h8jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22022?format=json","purl":"pkg:composer/drupal/drupal@8.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4"}],"aliases":["CVE-2017-6922","GHSA-58f3-cx8p-h8jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75bq-ccux-afdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197804?format=json","vulnerability_id":"VCID-7mhn-vstn-bqh5","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9452","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59759","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59867","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9452"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9452","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9452"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2016-005"},{"reference_url":"http://www.securityfocus.com/bid/94367","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94367"},{"reference_url":"https://security.archlinux.org/ASA-201611-20","reference_id":"ASA-201611-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-20"},{"reference_url":"https://security.archlinux.org/AVG-74","reference_id":"AVG-74","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-74"},{"reference_url":"https://github.com/advisories/GHSA-jpj8-49hr-wcwv","reference_id":"GHSA-jpj8-49hr-wcwv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jpj8-49hr-wcwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384451?format=json","purl":"pkg:composer/drupal/drupal@8.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-3avj-j2h8-qbhh"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-75bq-ccux-afdn"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-8h75-dgjd-nyc3"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-e427-q7jy-1uad"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-jbd8-jvfd-cbbx"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-mjjh-e7up-6ubf"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-vrva-c7km-ekda"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-xyu6-aqjk-r7g7"},{"vulnerability":"VCID-yj7d-w9vg-23dn"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3"}],"aliases":["CVE-2016-9452","GHSA-jpj8-49hr-wcwv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mhn-vstn-bqh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197805?format=json","vulnerability_id":"VCID-e569-xntr-mkgm","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9450","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45594","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45741","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9450"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9450","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9450"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2016-005"},{"reference_url":"http://www.securityfocus.com/bid/94367","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94367"},{"reference_url":"https://security.archlinux.org/ASA-201611-20","reference_id":"ASA-201611-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-20"},{"reference_url":"https://security.archlinux.org/AVG-74","reference_id":"AVG-74","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-74"},{"reference_url":"https://github.com/advisories/GHSA-98w5-wqp9-w466","reference_id":"GHSA-98w5-wqp9-w466","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98w5-wqp9-w466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384451?format=json","purl":"pkg:composer/drupal/drupal@8.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-3avj-j2h8-qbhh"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-75bq-ccux-afdn"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-8h75-dgjd-nyc3"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-e427-q7jy-1uad"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-jbd8-jvfd-cbbx"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-mjjh-e7up-6ubf"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-vrva-c7km-ekda"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-xyu6-aqjk-r7g7"},{"vulnerability":"VCID-yj7d-w9vg-23dn"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3"}],"aliases":["CVE-2016-9450","GHSA-98w5-wqp9-w466"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e569-xntr-mkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362288?format=json","vulnerability_id":"VCID-qec2-bj92-pue9","summary":"XSS Vulnerability\nCKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.","references":[{"reference_url":"https://www.drupal.org/sa-core-2018-003","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2018-003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386384?format=json","purl":"pkg:composer/drupal/drupal@8.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/386385?format=json","purl":"pkg:composer/drupal/drupal@8.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-d6bg-1u2b-1qdt"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.2"}],"aliases":["SA-CORE-2018-003"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qec2-bj92-pue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295783?format=json","vulnerability_id":"VCID-qtax-krps-1udn","summary":"","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6926","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.59067","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58955","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6926"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6926","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6926"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"},{"reference_url":"https://github.com/advisories/GHSA-2p28-5mvp-2j2r","reference_id":"GHSA-2p28-5mvp-2j2r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p28-5mvp-2j2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6926","GHSA-2p28-5mvp-2j2r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtax-krps-1udn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/287068?format=json","vulnerability_id":"VCID-sbsk-ydyr-kfbt","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7570","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57574","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57458","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7570"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7570","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7570"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-004","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2016-004"},{"reference_url":"http://www.securityfocus.com/bid/93101","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/93101"},{"reference_url":"http://www.securitytracker.com/id/1036886","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1036886"},{"reference_url":"https://github.com/advisories/GHSA-6g9h-6v79-w4pc","reference_id":"GHSA-6g9h-6v79-w4pc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6g9h-6v79-w4pc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385246?format=json","purl":"pkg:composer/drupal/drupal@8.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-3avj-j2h8-qbhh"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-75bq-ccux-afdn"},{"vulnerability":"VCID-7mhn-vstn-bqh5"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-e427-q7jy-1uad"},{"vulnerability":"VCID-e569-xntr-mkgm"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-jbd8-jvfd-cbbx"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-mjjh-e7up-6ubf"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-ukak-793e-m3gx"},{"vulnerability":"VCID-v3nf-tw9b-13c1"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-xyu6-aqjk-r7g7"},{"vulnerability":"VCID-yj7d-w9vg-23dn"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.10"}],"aliases":["CVE-2016-7570","GHSA-6g9h-6v79-w4pc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbsk-ydyr-kfbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295784?format=json","vulnerability_id":"VCID-sgub-4xen-bbcy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6930","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62718","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6930"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6930","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6930"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"},{"reference_url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930","reference_id":"","reference_type":"","scores":[],"url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930"},{"reference_url":"https://github.com/advisories/GHSA-3327-jr93-7hq3","reference_id":"GHSA-3327-jr93-7hq3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3327-jr93-7hq3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6930","GHSA-3327-jr93-7hq3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgub-4xen-bbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185271?format=json","vulnerability_id":"VCID-v3nf-tw9b-13c1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9449","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44116","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44269","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9449","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9449"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-005","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2016-005"},{"reference_url":"http://www.debian.org/security/2016/dsa-3718","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3718"},{"reference_url":"http://www.securityfocus.com/bid/94367","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94367"},{"reference_url":"https://security.archlinux.org/ASA-201611-20","reference_id":"ASA-201611-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-20"},{"reference_url":"https://security.archlinux.org/AVG-74","reference_id":"AVG-74","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-74"},{"reference_url":"https://github.com/advisories/GHSA-p745-347h-hjfw","reference_id":"GHSA-p745-347h-hjfw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p745-347h-hjfw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384451?format=json","purl":"pkg:composer/drupal/drupal@8.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-3avj-j2h8-qbhh"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-75bq-ccux-afdn"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-8h75-dgjd-nyc3"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-e427-q7jy-1uad"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-jbd8-jvfd-cbbx"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-mjjh-e7up-6ubf"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-vrva-c7km-ekda"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-xyu6-aqjk-r7g7"},{"vulnerability":"VCID-yj7d-w9vg-23dn"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.3"}],"aliases":["CVE-2016-9449","GHSA-p745-347h-hjfw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3nf-tw9b-13c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175225?format=json","vulnerability_id":"VCID-vc7s-6p62-bfaw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58295","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2"},{"reference_url":"https://www.drupal.org/sa-core-2019-005","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909"},{"reference_url":"https://symfony.com/cve-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10909"},{"reference_url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine","reference_id":"CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2","reference_id":"GHSA-g996-q5r8-w7g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15739?format=json","purl":"pkg:composer/drupal/drupal@8.5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/15747?format=json","purl":"pkg:composer/drupal/drupal@8.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.6.15"}],"aliases":["CVE-2019-10909","GHSA-g996-q5r8-w7g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172338?format=json","vulnerability_id":"VCID-xcck-137u-wyam","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6927","reference_id":"","reference_type":"","scores":[{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.8083","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.8077","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6932"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6927","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6927"},{"reference_url":"https://www.debian.org/security/2018/dsa-4123","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4123"},{"reference_url":"https://www.drupal.org/sa-core-2018-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2018-001"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-001"},{"reference_url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927","reference_id":"","reference_type":"","scores":[],"url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927"},{"reference_url":"http://www.securityfocus.com/bid/103138","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/103138"},{"reference_url":"https://github.com/advisories/GHSA-585j-5449-mf5m","reference_id":"GHSA-585j-5449-mf5m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-585j-5449-mf5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385155?format=json","purl":"pkg:composer/drupal/drupal@8.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5"}],"aliases":["CVE-2017-6927","GHSA-585j-5449-mf5m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcck-137u-wyam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/295781?format=json","vulnerability_id":"VCID-xyu6-aqjk-r7g7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6920","reference_id":"","reference_type":"","scores":[{"value":"0.66148","scoring_system":"epss","scoring_elements":"0.98548","published_at":"2026-06-12T12:55:00Z"},{"value":"0.66148","scoring_system":"epss","scoring_elements":"0.98544","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6920"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6920","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6920"},{"reference_url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"},{"reference_url":"https://www.drupal.org/SA-CORE-2017-003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2017-003"},{"reference_url":"http://www.securityfocus.com/bid/99211","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/99211"},{"reference_url":"http://www.securitytracker.com/id/1038781","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038781"},{"reference_url":"https://github.com/advisories/GHSA-9c24-g32g-35rj","reference_id":"GHSA-9c24-g32g-35rj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c24-g32g-35rj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22022?format=json","purl":"pkg:composer/drupal/drupal@8.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4"}],"aliases":["CVE-2017-6920","GHSA-9c24-g32g-35rj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyu6-aqjk-r7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210059?format=json","vulnerability_id":"VCID-yj7d-w9vg-23dn","summary":"Drupal file REST resource does not properly validate","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6921","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63757","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63655","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6921"},{"reference_url":"https://github.com/drupal/core","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/drupal/core"},{"reference_url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"},{"reference_url":"https://www.drupal.org/SA-CORE-2017-003","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2017-003"},{"reference_url":"http://www.securityfocus.com/bid/99222","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/99222"},{"reference_url":"http://www.securitytracker.com/id/1038781","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038781"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6921","reference_id":"CVE-2017-6921","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6921"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml","reference_id":"CVE-2017-6921.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml","reference_id":"CVE-2017-6921.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h377-287m-w2r9","reference_id":"GHSA-h377-287m-w2r9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h377-287m-w2r9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22022?format=json","purl":"pkg:composer/drupal/drupal@8.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-zbn8-5khn"},{"vulnerability":"VCID-1njn-2hyh-hyhn"},{"vulnerability":"VCID-1up8-x9s6-vbd5"},{"vulnerability":"VCID-26az-uqef-w7aq"},{"vulnerability":"VCID-26ck-rher-hfg4"},{"vulnerability":"VCID-28cu-un2e-xub7"},{"vulnerability":"VCID-2wdn-8583-v3dg"},{"vulnerability":"VCID-4u3b-stye-77ah"},{"vulnerability":"VCID-4z8y-2e7d-7qhb"},{"vulnerability":"VCID-57nk-7ugd-vucf"},{"vulnerability":"VCID-7sar-42a4-kqdy"},{"vulnerability":"VCID-agxw-t98a-j3bm"},{"vulnerability":"VCID-bha5-1s4u-3bg6"},{"vulnerability":"VCID-bxdv-fxzq-sbdz"},{"vulnerability":"VCID-cs4j-rhc4-xbhd"},{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-ejwp-ehyk-r3cf"},{"vulnerability":"VCID-ftd8-be73-5bc3"},{"vulnerability":"VCID-hdq9-fe9e-93hb"},{"vulnerability":"VCID-hyd9-kcsg-5kgb"},{"vulnerability":"VCID-kepa-chya-sfdb"},{"vulnerability":"VCID-krjp-u36k-17fs"},{"vulnerability":"VCID-krqe-tg7a-yuex"},{"vulnerability":"VCID-kryq-8j5g-d7a6"},{"vulnerability":"VCID-ku79-by46-s3h9"},{"vulnerability":"VCID-nbzz-f1n8-mbdw"},{"vulnerability":"VCID-nhub-1map-n3by"},{"vulnerability":"VCID-qec2-bj92-pue9"},{"vulnerability":"VCID-qtax-krps-1udn"},{"vulnerability":"VCID-qvsn-ab7h-cqc5"},{"vulnerability":"VCID-r7kh-gpy6-juht"},{"vulnerability":"VCID-s5ak-abr9-vbe6"},{"vulnerability":"VCID-s93m-ue36-vyg1"},{"vulnerability":"VCID-sgub-4xen-bbcy"},{"vulnerability":"VCID-t33g-z4ps-ykcy"},{"vulnerability":"VCID-txdd-bamb-ckcy"},{"vulnerability":"VCID-u8xe-6xh5-6ygb"},{"vulnerability":"VCID-uj1s-21kp-pbhy"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-wn4r-rc6m-xbhy"},{"vulnerability":"VCID-x78g-nsnv-ebhc"},{"vulnerability":"VCID-xcck-137u-wyam"},{"vulnerability":"VCID-yku8-k9fs-d7c8"},{"vulnerability":"VCID-ytts-zj5y-2kdc"},{"vulnerability":"VCID-zt27-b3qc-fbac"},{"vulnerability":"VCID-zxut-nxke-7fce"},{"vulnerability":"VCID-zymc-a812-1ua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.4"}],"aliases":["CVE-2017-6921","GHSA-h377-287m-w2r9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yj7d-w9vg-23dn"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0-rc1"}